News

MetaMask: Unathorized third party gained access to 7000 users data

MetaMask fell victim to a phishing attack which led to an unauthorized third-party gaining access to personal information of users.

Published

on

Source: Unsplash

— ConsenSys third-party service provider was a victim of a cyber security incident

— This resulted in an unauthorized third party gaining access to around 7000 MetaMask users’ data, spanning for years

The cryptocurrency market has been in the headlines for crypto leaks and hacks. MetaMask – a leading Ethereum [ETH] wallet – was caught in the midst of a cyber security incident.

According to an announcement by ConsenSys – the parent company of MetaMask – an unnamed third-party service provider was a victim in a cyber security incident. This may have resulted in “an unauthorized third party” gaining access to customers’ personal data.

ConsenSys has taken up the matter with the Data Protection Commission of Ireland and the Information Commissioner’s Office of the UK. The firm is also working with and continuing to use the services of the targeted third-party service provider. The blog post said,

“The incident was limited to users who submitted personal data to MetaMask customer support using the third-party customer support ticketing services.”

MetaMask users’ personal information

Notably, the firm stated that around 7000 users worldwide could have been affected by this incident. And the impacted users were narrowed to those who sent their personal data via customer support. This was particularly during the timeframe of 1st August 2021 to 10th February 2023. The blog post on the same read

,

“It is important to note that the MetaMask browser extension and mobile app security were not affected by this incident. MetaMask users are unaffected if they did not submit personal data to MetaMask customer support ticketing system.”

The information leaked could include financial information, name, date of birth, postal address, and phone number. The company did highlight that most of this information is not requested by its support service system. Moreover, the blog post stated that the affected users could not be identified individually because of “limited data collection.”

MetaMask at the center of attacks

This kind of incident is not the first for the Ethereum wallet service provider. In February 2023, a hacker of Namecheap – a web hosting company – sent also unauthorized emails targeting MetaMask users.

As a result, the wallet provider immediately put out a warning to users about the phishing attempt. The warning stated that it “does not collect KYC info” and advised users to never enter their wallet seed phrase on a website.

Moreover, recently, MetaMask had to clear the air about an airdrop that would have taken place on 31st March 2023. Rumors about an airdrop started circulating in the market after ConsenSys co-founder – Joseph Lubin – stated that the firm was considering a token launch in its push for decentralization.

However, it resulted in several scammers, posing as MetaMask, taking over social media claiming there would be a “MASK” token airdrop. To this, MetaMask stated on Twitter that these rumors were not only false but also dangerous.