The Incident in Brief
A cybersecurity incident has put the personal information of some MetaMask users at risk. According to ConsenSys, the parent company of MetaMask, this breach primarily affects those who interacted with customer support between August 1, 2021, and February 10, 2023.
What Happened?
The issue stems from unauthorized access to a third-party system that manages customer support requests. This breach potentially allowed malicious actors to view support tickets submitted by users. These tickets contained basic information like email addresses, but some users may have inadvertently included sensitive personal details.
Details of the Exposure
While customer service inquiries only required users to provide necessary information, the free text field gave way to unintended slips of personal info. According to the blog post, the data in question may include:
- Email addresses
- Name and surname
- Date of birth
- Phone numbers
- Postal addresses
ConsenSys clarified that it has not requested sensitive data in these conversations but admits that some users opted to disclose it voluntarily. Approximately 7,000 users could potentially be affected by this breach.
Phishing Alert
Following the incident, hardware wallet provider Keystone issued a warning. They’ve alerted MetaMask users to expect a surge in phishing emails, as attackers could utilize the email addresses obtained during the breach to target potential victims.
“Phishing is a scam that tricks a user into providing sensitive information, often through deceptive emails that appear to be from trustworthy sources.”
Steps Taken by ConsenSys
In response, ConsenSys is taking crucial steps to mitigate unauthorized access in the future. The company has contacted the Data Protection Commission of Ireland and the Information Commissioner’s Office of the UK regarding the matter. Moreover, they are working closely with its third-party customer support provider to conduct a thorough investigation with cybersecurity experts.
Understanding the Bigger Picture
This latest incident comes on the heels of heightened scrutiny over MetaMask’s approach to user data privacy. In late 2022, it faced backlash for logging users’ IP addresses. However, following user feedback, MetaMask updated its application to give users more control over the data shared with external providers.
In summary, if you’re a MetaMask user, keep a vigilant eye on your inbox for unusual emails and think twice before sharing sensitive information online!
