NFT marketplace OpenSea has admitted a major email data breach and is warning users about receiving phishing emails.

OpenSea wrote on Twitter: “Email addresses provided to OpenSea by users or newsletter subscribers were impacted.”

OpenSea said in a blog post that an employee of its email delivery vendor Customer.io has misused employee access to download and share email addresses — provided by OpenSea users and newsletter subscribers — with an unauthorised third party.

“We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” the company said. According to reports, OpenSea users complain of spam emails, text messages and calls.

OpenSea alerted users to be cautious of phishing emails that impersonate their domain: opensea.io. The company also asked users not to engage in any wallet transaction prompted directly from an email and advised users not to download attachments from an OpenSea email.

According to Dune Analytics data, an open-source crypto analytics platform, more than 1.8 million users made at least one purchase through the Ethereum blockchain on OpenSea.