On April 14, ConsenSys, the parent company of MetaMask, announced a hack exposing customer email addresses.
The incident affected users who submitted customer service tickets to MetaMask between August 1, 2021, and February 10, 2023.
The unauthorized actors gained access to a third-party computer system used to process customer service requests, which could have allowed them to view customer support tickets submitted by MetaMask users.
The tickets did not ask for more than necessary information to help the user, including email addresses to facilitate replies, but they did include a free text field that some users may have used to submit personally identifying information.
ConsenSys emphasized that it does not ask for personally identifying information in customer conversations, but some users may have provided it anyway. The company estimates that the breach may have affected up to 7,000 MetaMask users who submitted customer support tickets.
The personally identifying information may have included economic or financial information, name, surname, date of birth, phone number, and postal address, the post stated.
Keystone, a hardware wallet provider, warned MetaMask users that some may receive more phishing emails due to the incident since the attacker may use the swiped email database to look for potential victims.
Phishing is a scam that tricks a user into providing sensitive information to an attacker, often by sending an email to the victim that appears to be from a trusted party or someone the victim knows.
Consensys has taken steps to eliminate unauthorized access in the future. As a result, tickets submitted after February 10 should be unaffected by the incident.
They have also contacted the Data Protection Commission of Ireland and the Information Commissioner’s Office of the United Kingdom to report the breach. The company’s third-party customer service provider is working with a cybersecurity and forensics team to perform a more detailed investigation of the incident.
Privacy advocates criticized MetaMask in late 2022 when it revealed that it sometimes logged users’ IP addresses. However, the app updated in March to give users more control over which providers could obtain this information.
The incident raises concerns over the security of customer data and the potential for phishing attacks. Cybersecurity incidents are becoming increasingly common, and companies must take steps to protect their customers’ data.
The incident also highlights the importance of user awareness and caution when sharing personal information online. It is essential to use strong passwords and be wary of emails and messages from unknown or suspicious sources.
Additionally, users should monitor their financial accounts regularly to detect any unauthorized activity.
MetaMask third party hack
In conclusion, the recent cyber-security incident involving MetaMask highlights the importance of protecting customer data and being cautious when sharing personal information online.
While steps have been taken to eliminate unauthorized access and prevent future incidents, users must remain vigilant in monitoring their accounts and protecting themselves from potential phishing attacks.