MetaMask User Data May Be Affected By Security Breach
JAKARTA - The email addresses of some MetaMask users may have been accessed by unauthorized parties in a newly disclosed cybersecurity incident. According to MetaMask's parent company, ConsenSys, the incident affected users who submitted customer support tickets to MetaMask between August 1, 2021 and February 10, 2023.
According to a blog post on April 14, unauthorized actors gained access to third-party computer systems used to process customer service requests, allowing them to view customer support tickets submitted by MetaMask users.
🚨 A third-party service provider that provides customer support ticketing services to ConsenSys was the target of a cyber-security incident
⚠️ Be cautious of the potential increase in phishing emails moving forward
https://t.co/HswtDiK5EY
— Keystone | Hardware Wallet (@KeystoneWallet) April 14, 2023
The ticket form does not request information beyond what is needed to help users, including email addresses to facilitate replies. However, tickets include free-text fields, which some users may have used to send personally identifiable information. This may include "economic or financial information, name, last name, date of birth, phone number, and postal address", the post reads, as quoted by Cointelegraph.
ConsenSys emphasized that it does not ask for information that could identify customers in customer conversations, but some users may have provided it voluntarily.
The company estimates that the incident could affect up to 7,000 MetaMask users who submitted customer support tickets.
In response to the incident, hardware wallet provider Keystone warned MetaMask users that some of them might receive more phishing emails, because attackers can use stolen email databases to find potential victims.
ConsenSys said it had taken steps to eliminate future unauthorized access. As a result, tickets submitted after February 10 were not affected by this incident. The company also contacted the Data Protection Commission of Ireland and the Information Commissioner's Office of the United Kingdom to report the breach. In addition, the third-party customer service provider is working with cybersecurity and forensics teams to conduct a more detailed investigation into the incident.
MetaMask came under fire from privacy advocates at the end of 2022 when it revealed that it sometimes logs users' IP addresses. However, it updated its app in March to give users more control over which providers can receive this information.