The email addresses of some MetaMask users may have been exposed to a malicious party due to a recently discovered cyber-security incident. According to parent company ConsenSys, the incident affected users who submitted a customer support ticket to MetaMask between August 1, 2021 and February 10, 2023.
According to the April 14 blog post, unauthorized actors gained access to a third party’s computer system that was used to process customer service requests, potentially allowing them to view customer support tickets submitted by MetaMask users.
These tickets did not ask for information other than what was necessary to help the user, including email address to facilitate replies. However, they did include a “free text-field,” which some users may have used to submit personally identifying information. This may have included “economic or financial information, name, surname, date of birth, phone number, and postal address,” the post stated.
Consensys emphasized that it does not ask for personally identifying information in customer conversations, but some may have provided it anyway.
The company estimates that the breach may have affected up to 7,000 MetaMask users who submitted customer support tickets.
In response to this incident, hardware wallet provider Keystone warned MetaMask users that some might receive more phishing emails due to the incident since the attacker may use this swiped email database to look for potential victims.
A third-party service provider that provides customer support ticketing services to ConsenSys was the target of a cyber-security incident⚠️ Be cautious of the potential increase in phishing emails moving forwardhttps://t.co/HswtDiK5EY
Phishing is a scam that tricks a user into providing sensitive
Read more on cointelegraph.com