MetaMask, the popular Ethereum wallet, recently experienced a cybersecurity incident that exposed the email addresses of some of its users who submitted a customer support ticket between August 1, 2021, and February 10, 2023. Parent company ConsenSys released a blog post on April 14, 2023, which disclosed the details of the incident.
According to the post, unauthorized actors gained access to a third-party computer system that was used to process customer service requests. This allowed them to potentially view customer support tickets submitted by MetaMask users. While the tickets did not ask for information other than what was necessary to help the user, they did include a free text field that some users may have used to submit personally identifying information. This may have included economic or financial information, name, surname, date of birth, phone number, and postal address.
ConsenSys emphasized that it does not ask for personally identifying information in customer conversations, but some users may have provided it anyway. The breach may have affected up to 7,000 MetaMask users who submitted customer support tickets during the affected timeframe.
As a response to the incident, hardware wallet provider Keystone warned MetaMask users that they might receive more phishing emails. The attacker may use this swiped email database to look for potential victims. Phishing is a scam that tricks a user into providing sensitive information to an attacker. It is often performed by sending an email to the victim that appears to be from a trusted party or someone the victim knows.
ConsenSys said it had taken steps to eliminate unauthorized access in the future. As a result, tickets submitted after February 10 should
Read more on blockchain.news