ConsenSys announces data breach impacting over 7,000 MetaMask users. According to parent company ConsenSys, a number of MetaMask users’ email addresses were exposed in a recent data leak.
Keynotes
- ConsenSys Announces a Data Breach Affecting Over 7,000 MetaMask Users.
- The firm’s report specifies who is at risk and what kind of information may have been compromised.
On April 14, ConsenSys stated that one of its most well-known products, the MetaMask crypto wallet, had experienced a data breach. The attack was launched at a third-party customer service provider rather than the MetaMask wallet program itself.
According to ConsenSys, the problem affected a small number of MetaMask users who submitted customer support tickets between August 1, 2021, and February 10, 2023. According to the company, the data leak affected around 7,000 users.
The company claims that MetaMask users who did not contact customer care during the relevant period are unaffected. Users who contacted MetaMask Help but did not reveal personal information are also safe.
ConsenSys did highlight, however, that users may have supplied more personal information in other form fields available, such as “economic or financial information, name, surname, date of birth, phone number, and postal address.” The attack targeted a third-party service used by ConsenSys to manage customer support tickets.
According to ConsenSys, unauthorized access has been terminated, and the “threat is no longer ongoing.” It stated that it had reported the event to authorities and that it is still working with the support provider, which is looking into the matter.
Given that the company discovered the data breach in August 2021, some may wonder why it took a year and a half to resolve the issue.
“While it appears upon retroactive forensic investigation, the malicious acts began in August of 2021, we needed to become aware of those acts and conduct an appropriate forensic investigation to determine the source,” said a spokesperson to BeInCrypto.
“ConsenSys then engaged a third-party forensic investigator to perform a comprehensive forensic investigation and took measures to address and mitigate known or possible adverse effects of the incident,” the spokesperson added.
Numerous cryptocurrency companies have experienced email address leaks throughout the years. In the case of Metamask, these breaches do not provide attackers with immediate access to the target’s wallet. Attackers, on the other hand, can gain access to important information kept in users’ emails or via phishing scams.
Users of MetaMask should be cautious about any emails they receive in the near future.
