The email addresses of some MetaMask users may have been exposed to a malicious third party due to a recently discovered cybersecurity incident. According to parent company ConsenSys, the incident keen to users who submitted a customer support ticket to MetaMask between August 1, 2021 and February 10, 2023.
According to an April 14 blog post, unauthorized actors gained access to a third-party computer system used to process customer service requests, potentially allowing them to view customer support tickets submitted by users of MetaMask.
These tickets did not ask for more information than necessary to help the user, including the email address to facilitate responses. However, they did include a “free text field” that some users may have used to submit personally identifiable information. This may have included “economic or financial information, name, surname, date of birth, telephone number and postal address,” the post said.
Consensys noted that it does not ask for personally identifiable information in conversations with customers, but some may have provided it anyway.
The company estimates that the breach may have affected as many as 7,000 MetaMask users who submitted customer support requests.
In response to this incident, e-wallet provider Keystone warned MetaMask users that some may receive more phishing emails due to the incident, as the attacker could use this database of stolen emails to search for potential victims. .
A third-party service provider that provides customer support ticketing services to ConsenSys was the target of a cyber-security incident
âš ï¸ Be cautious of the potential increase in phishing emails moving forwardhttps://t.co/HswtDiK5EY
—Keystone | Hardware Wallet (@KeystoneWallet) April 14, 2023
Phishing is a scam that tricks a user into providing sensitive information to an attacker. This is usually done by sending the victim an email that appears to come from a trusted party or from someone the victim knows.
Consensys said it had taken steps to eliminate unauthorized access in the future. As a result, tickets submitted after February 10 should not be affected by the incident. They have also contacted the Irish Data Protection Commission and the UK Information Commissioner’s Office to report the incident. In addition, the company’s third-party customer service provider is working with a cybersecurity and forensics team to conduct a more detailed investigation of the matter.
MetaMask came under fire from privacy advocates in late 2022, when it revealed that it sometimes logged users’ IP addresses. However, in March it updated its app to give users more control over which vendors could get this information.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.