Email addresses were exposed after MetaMask's third-party provider suffered a hack.

2023-04-15

Summary:
  • MetaMask users who submitted a customer service ticket from August 1, 2021 and February 10, 2023 may have had their email addresses exposed in a cyber-security incident.
  • Unauthorized actors gained access to a third party's computer system that processed MetaMask's customer service requests.
  • The breach may have affected up to 7,000 MetaMask users who submitted customer support tickets.
  • Some users may have submitted personally identifying information such as "economic or financial information, name, surname, date of birth, phone number, and postal address."
  • Metamask provider, ConsenSys, does not ask for personally identifying information in customer conversations.
  • In response, Keystone warned MetaMask users that phishing attacks might increase since the attacker may use the stolen email database.
  • Consensys took steps to eliminate unauthorized access in the future, and contacted the Data Protection Commission of Ireland and the Information Commissioner's Office of the United Kingdom to report the breach.
  • The company's third-party customer service provider is working with a cyber-security and forensics team to perform a more detailed investigation of the incident.
  • MetaMask users previously criticized the platform for logging users' IP addresses. The app was updated in March 2023 to give users more control over which providers can obtain this information.


Full article:

The incident affected users who submitted a MetaMask customer service ticket between August 1, 2021 and February 10, 2023.

The email addresses of some MetaMask users may have been exposed to a malicious party due to a recently discovered cyber-security incident. According to parent company ConsenSys, the incident affected users who submitted a customer support ticket to MetaMask between August 1, 2021 and February 10, 2023.

According to the April 14 blog post, unauthorized actors gained access to a third party’s computer system that was used to process customer service requests, potentially allowing them to view customer support tickets submitted by MetaMask users.

These tickets did not ask for information other than what was necessary to help the user, including email address to facilitate replies. However, they did include a “free text-field,” which some users may have used to submit personally identifying information. This may have included “economic or financial information, name, surname, date of birth, phone number, and postal address,” the post stated.

Consensys emphasized that it does not ask for personally identifying information in customer conversations, but some may have provided it anyway.

The company estimates that the breach may have affected up to 7,000 MetaMask users who submitted customer support tickets.

In response to this incident, hardware wallet provider Keystone warned MetaMask users that some might receive more phishing emails due to the incident since the attacker may use this swiped email database to look for potential victims.

Phishing is a scam that tricks a user into providing sensitive information to an attacker. It is often performed by sending an email to the victim that appears to be from a trusted party or someone the victim knows.

MetaMask launches new fiat purchase function for cryptocurrency

Consensys said it had taken steps to eliminate unauthorized access in the future. As a result, tickets submitted after February 10 should be unaffected by the incident. They have also contacted the Data Protection Commission of Ireland and the Information Commissioner’s Office of the United Kingdom to report the breach. In addition, the company’s third-party customer service provider is working with a cyber-security and forensics team to perform a more detailed investigation of the incident.

MetaMask came under fire from privacy advocates in late 2022 when it revealed that it sometimes logged users’ IP addresses. However, it updated its app in March to give users more control over which providers could obtain this information.



Source: cointelegraph.com

Promoted Promote

Promoted
Promote
Name Symbol SYM Chain Market Cap Launch Votes