Author: richard.meeus

Access has always been a conundrum for security professionals. The level of access privileges you give to your employees exposes you to insider threats. The recent data breach faced by OpenSea exposes another layer of risk: third-party vendors, after the web3.0 marketplace’s supplier, customer.io, was found to be responsible for a breach that saw the unauthorised exposure of thousands of users and newsletter subscribers’. The bad actor was a senior engineer within customer.io with a certain level of clearance, meaning that their access privileges allowed them to download and work with the data. Considering that OpenSea boasts 1.8 million users,…