The Metamask Third-Party Provider Was Hacked, Leading To The Exposure Of Email Addresses

Due to a newly revealed cyber-security problem, the email addresses of certain MetaMask users may have been disclosed to a hostile party. The problem affected consumers who sent a customer support request to MetaMask between August 1, 2021, and February 10, 2023, according to parent firm ConsenSys.

‍

Unauthorized actors got access to a third party's computer system that was used to handle customer care requests, potentially allowing them to examine customer support issues sent by MetaMask users, according to the April 14 blog post.

‍

These tickets did not request any information other than what was required to assist the user, such as an email address to allow answers. They did, however, contain a "free text field" that some users may have utilized to input personally identifiable information. According to the article, this might have included "economic or financial information, name, surname, date of birth, phone number, and postal address."

‍

Consensys stressed that the company does not request personally identifying information from customers, although some may have supplied it nevertheless.

‍

‍

According to the firm, the hack may have affected up to 7,000 MetaMask customers who have sent customer support queries.

‍

As a result of this issue, hardware wallet provider Keystone informed MetaMask customers that they may get further phishing emails as a result of the event, since the attacker may utilize the stolen email information to seek future victims.

‍

Phishing is a type of fraud in which a user is duped into disclosing sensitive information to an attacker. It is frequently carried out by sending the victim an email that looks to be from a trustworthy party or someone the victim knows.

‍

Consensys stated that it has taken efforts to prevent future illegal access. As a consequence, tickets submitted after February 10 should be impacted. They have also reported the incident to the Data Protection Commission of Ireland and the Information Commissioner's Office of the United Kingdom. Moreover, the company's third-party customer care provider is collaborating with a cyber-security and forensics team to conduct a more thorough examination of the event.

‍

In late 2022, MetaMask came under criticism from privacy groups after it disclosed that it occasionally logged users' IP addresses. Nevertheless, in March, it changed its app to allow customers more discretion over which providers could access this information.

‍