OpenSea has advised its users to change their API keys following a security breach involving one of its third-party vendors. The incident potentially exposed users’ API key information, although OpenSea believes it won’t impact programs using these keys, a news report by The Block said.
“One of our vendors experienced a security incident that may have exposed information about your OpenSea API key… We are requesting you deprecate usage of your existing key immediately and replace it with a newly generated key,” OpenSea said in an email.
However, if external parties utilize the compromised keys, it could affect rate and usage limits. OpenSea has announced its intention to deactivate existing keys by October 2. The extent of the breach’s impact on users and the information exposed, aside from API keys, has not been disclosed by OpenSea.
This disclosure follows a similar incident involving crypto analytics firm Nansen, which recently reported a breach of one of its third-party vendors. This breach resulted in the exposure of emails, password hashes, and some blockchain addresses, affecting 6.8% of Nansen’s users.
“On September 20, Nansen was notified by one of our third-party vendors that their systems had been compromised. A breach on the vendor’s side gave an attacker access to admin rights oto an account used to provision customer acess to our platform… Based on our preliminary investigation over the past 48 hours, 6.8% of our users were impacted,” Nansen said in a statement.