Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
MetaMask’s external service provider suffered a security breach, revealing email addresses.
The email addresses of certain MetaMask users may have been compromised by a malicious entity due to a recently identified cyber-security breach. As reported by its parent company ConsenSys, the incident impacted users who filed a customer support ticket with MetaMask between August 1, 2021, and February 10, 2023.
As stated in the blog post from April 14, unauthorized individuals accessed a third-party computer system utilized for processing customer service requests, potentially enabling them to view support tickets submitted by MetaMask users.
These tickets only requested information necessary to assist the user, including an email address for response purposes. However, they contained a “free text-field,” which some users might have used to provide personally identifiable information. This could have included “economic or financial information, name, surname, date of birth, phone number, and postal address,” according to the post.
ConsenSys highlighted that it does not solicit personally identifiable information during customer interactions, although some users may have shared it nonetheless.
The company estimates that the breach may have impacted as many as 7,000 MetaMask users who submitted customer support tickets.
Related Posts
In light of this incident, hardware wallet provider Keystone cautioned MetaMask users that some may receive an increase in phishing emails as the attacker could utilize the compromised email database to target potential victims.
A third-party service provider that offers customer support ticketing services to ConsenSys was the target of a cyber-security incident
⚠️ Exercise caution regarding the potential rise in phishing emails in the future https://t.co/HswtDiK5EY— Keystone | Hardware Wallet (@KeystoneWallet) April 14, 2023
Phishing is a fraudulent scheme that deceives a user into disclosing sensitive information to an attacker. This is often executed by sending an email to the victim that appears to originate from a trusted source or an acquaintance.
Related: MetaMask introduces new fiat purchase feature for cryptocurrency
ConsenSys indicated that it has implemented measures to prevent unauthorized access in the future. Consequently, tickets submitted after February 10 should remain unaffected by the breach. They have also reached out to the Data Protection Commission of Ireland and the Information Commissioner’s Office of the United Kingdom to report the incident. Additionally, the company’s third-party customer service provider is collaborating with a cyber-security and forensics team to conduct a more thorough investigation of the breach.
MetaMask faced criticism from privacy advocates in late 2022 when it disclosed that it occasionally logged users’ IP addresses. However, it updated its application in March to provide users with greater control over which providers could access this information.
