NEAR has announced an update on their web wallet, since a bug found and fixed, some action might required. For the moment bug doesn't constitute any danger but given the fact that recent hacks created big damaged to many protocols better to be safe than sorry. The bug results effects people who had used email or SMS recovery. It's advices user to enable a Ledger device or enabling passphrase security.
The email sent to users from NEAR:
NEAR Web Wallet Security Update
Dear NEAR Web Wallet User,
The recent wallet hacks on other platforms have brought to light potentially serious security issues connected to the use of common analytics tools in Web3. In light of those hacks, we are sharing a perspective on a recent experience involving similar tools.
On June 6th, 2022, the NEAR Wallet team received a bug report indicating that sensitive information had been shared with a third party. The issue was fixed promptly the same day.
While the team was aware of this threat, and careful to sanitize data collected by the third party service, a code change nevertheless resulted in the collection of sensitive data for some users, like yourself, who had used email or SMS recovery with their wallets. The wallet team immediately remediated the situation, scrubbed all sensitive data, and identified any personnel who could have had the ability to access this data.
To date, we have found no indicators of compromise related to the accidental collection of this data, nor do we have reason to believe this data persists anywhere.
Regardless, we no longer allow users to create accounts using email or SMS for account recovery. Despite having no evidence of compromise, we recommend that you rotate your keys. This can be accomplished by visiting https://wallet.near.org/profile, either by enabling a Ledger device (your most secure option and highly recommended) or enabling passphrase security. After doing this, users should disable email or SMS recovery.
More information with detailed instructions can be found here: