from Hacker News

Autodesk Email System Hacked

by splittydev on 3/17/25, 10:01 AM with 7 comments

I just got an email from "noreply@autodesk.com", claiming to be from "opensea.io".

The email is domain-verified (for Autodesk.com) by Google, so it seems the Autodesk email system has been compromised.

  • by justusw on 3/18/25, 5:44 AM

    Can confirm, I've got a DKIM passing email today asking me to sell my "Illuvium". DKIM auth result header:

    > Authentication-Results: spamfilter01.heinlein-hosting.de (amavisd-new); > dkim=pass (2048-bit key) header.d=autodesk.com

    For this DKIM-Signature:

    > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autodesk.com; > h=from:subject:mime-version:list-unsubscribe:content-type:reply-to: > cc:content-type:from:subject:to; > s=s11; bh=...

    MTA:

    > Received: from ec2-3-8-140-122.eu-west-2.compute.amazonaws.com (unknown) > by geopod-ismtpd-13 (SG) with ESMTP id n5WDORJ6Taauv7FuUNA9Ug

    I wonder if just their DKIM selector got stolen or someone owned their AWS accounts as well?

  • by hakoo178 on 3/19/25, 12:34 AM

    I got a similar one from Autodesk, but it was about Magic Eden instead of OpenSea. I knew it was fake, but I still clicked the link to see how it could be on Autodesk (because the link showed an Autodesk URL). Of course, I did not connect my wallet or do anything else, I just looked at the page and then closed it. Am I in any danger?

  • by azhsetiawan on 3/17/25, 1:42 PM

    I also got the same email an hour ago. noreply@autodesk.com with subject "New Alert!". At first I was wondered why this OpenSea type scam email didn't automatically go into the spam folder, turned out to be from a verified domain.

  • by mithr_A on 3/17/25, 10:55 AM

    I've got two emails in the last hour from them as well. (Opensea.io noreply@autodesk.com)