OpenSea tells users to rotate API keys after third-party security breach
Quick Take
- One of OpenSea’s third-party vendors experienced a security incident that exposed information related to user API keys.
- Nansen disclosed a data breach affecting one of its third-party vendors yesterday, but it’s currently unclear whether the incidents are related.
NFT marketplace OpenSea disclosed that one of its third-party vendors “experienced a security incident that may have exposed information” regarding users’ API keys in an email to some users.
The company noted that the security incident was not expected to affect any programs that utilize an OpenSea API key, but that if external parties use one of the exposed keys, it could affect rate and usage limits. OpenSea plans on sunsetting existing keys by Oct. 2, according to the email.
OpenSea did not disclose how many users were affected by the breach or what information besides API keys may have been exposed. OpenSea did not immediately return a request for comment from The Block.
The disclosure comes shortly after a similar notice from crypto analytics firm Nansen, which disclosed yesterday that one of its third-party vendors was compromised, leading to the loss of emails, password hashes and some blockchain addresses.The breach impacted 6.8% of Nansen’s users, who had their emails exposed, according to a post on X.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.