Important: email service provider security incident

Important: email service provider security incident

We have been recently informed by our email service provider Klaviyo that it has suffered a data breach. Hackers managed to get access to internal systems after stealing an employee's credentials via a phishing attack. The credentials were then used to access and download users’ emails from 38 companies, including Rarible.

According to the email vendor, they have reported the breach to the appropriate authorities and are working with a third-party cybersecurity firm to further investigate the incident.

If you have shared your email with Rarible in the past, you should assume that you were impacted. Please stay extra vigilant and be on the lookout for any phishing emails attempting to impersonate Rarible.

Here’s how you can protect yourself

First and foremost, double check the email domain in any communication you receive from us. If it’s anything else other than our official @rarible.com, it’s malicious! Make sure to check if it’s spelled correctly, as every letter makes a difference. We will never contact you from domains like @raribel.com or @rarible.xyz.

Below are some best practices to protect yourself from potential phishing attacks. These are applicable at all times, so let’s see this as an opportunity to refresh email safety knowledge in our community, even if you haven’t been impacted:

  • Check the sender’s email address. If you identified an address impersonating Rarible (see above!), do not engage with it in any way. Do not click any links. Please report it at support@rarible.com
  • Be cautious about email attachments. Never download anything from an email. We never include attachments or requests to download anything in our correspondence. If there is an attachment, you are most likely looking at a malicious email.
  • Keep your recovery phrase & seed phrase to yourself. Do not share your passwords or secret wallet phrases with anyone — ever! Rarible will never ask you to do it.
  • Check the transactions that you sign. Authentic Rarible emails will never directly prompt you to sign a wallet transaction. If you were led to a wallet transaction by an email, always check the origin.

Your safety is our top priority. Please report any incidents or concerns at support@rarible.com. Stay careful and safe!