MetaMask, the widely-used Ethereum wallet, has fallen victim to a cybersecurity incident that has compromised the email addresses of some of its users. The breach occurred between August 1, 2021, and February 10, 2023, and was disclosed by parent company ConsenSys on April 14, 2023. Here’s everything you need to know about the incident.
Unauthorized Access to Third-Party Computer System
According to ConsenSys, the incident occurred due to unauthorized access to a third-party computer system that processed customer service requests. The breach allowed unauthorized actors to potentially view customer support tickets submitted by MetaMask users. While the tickets requested only the information necessary to resolve user issues, they also contained a free-text field that some users may have used to submit personally identifying information.
Users at Risk of Phishing Attacks
Up to 7,000 MetaMask users who submitted customer support tickets during the affected period may have been impacted by the incident. Attackers could use the exposed email addresses to launch phishing attacks that trick users into handing over sensitive information. Keystone, a hardware wallet provider, has warned MetaMask users to remain vigilant against phishing attempts.
Steps Taken to Eliminate Unauthorized Access
ConsenSys has taken steps to eliminate unauthorized access in the future, and tickets submitted after February 10, 2023, should be unaffected by the incident. The company has also reported the breach to the Data Protection Commission of Ireland and the Information Commissioner’s Office of the United Kingdom. Additionally, the company’s third-party customer service provider is working with a cybersecurity and forensics team to investigate the incident further.
Prior Privacy Concerns
This is not the first time that MetaMask has faced scrutiny over privacy concerns. In late 2022, the company revealed that it sometimes logged users’ IP addresses. However, it updated its app in March to give users more control over which providers could obtain this information.
Staying Safe in the Cryptocurrency Industry
The incident highlights the importance of cybersecurity in the cryptocurrency industry. As a user, it is essential to remain vigilant and take proactive steps to protect your personal information. This includes using strong and unique passwords, enabling two-factor authentication, and being cautious of phishing attempts. By taking these steps, you can help to safeguard your sensitive information and minimize the risk of falling victim to cyber threats.