Opensea, the popular NFT marketplace that hit a colossal $13 billion valuation in January, is warning users of email phishing after a data breach.

A staff at Customer.io, an email vendor contracted by OpenSea, misused their employee access to download and share email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party, the world’s largest NFT marketplace said Wednesday night.

The scale of the security breach appears massive. “If you have shared your email with OpenSea in the past, you should assume you were impacted,” the company said, adding that it’s working with Customer.io in an ongoing investigation and has reported the incident to law enforcement.

More to come…