According to MetaMask’s parent company ConsenSys, users of a third-party service provider that provides customer support were subjected to a phishing attack.
“The incident was limited to a certain number of users who submitted personal data to MetaMask customer support between August 1, 2021 and February 10, 2023,” ConsenSys said.
According to a ConsenSys blog post, some unauthorized parties gained access to a computer system that was used to process customer service requests. This allowed attackers not only to view tickets sent to the support service by MetaMask users, but also to download confidential information.
ConsenSys said that the support team never asks for personal information in conversations with customers. However, the electronic application form provides a “free text field” where some users have entered financial information, as well as first name, last name, date of birth, phone numbers and contact addresses. The company estimates that as a result of a phishing attack, the personal data of 7,000 MetaMask users could have been compromised.
According to ConsenSys support, the incident did not affect the browser extension and the security of the MetaMask mobile app.
Earlier, in response to MetaMask’s criticism of updating the application’s security policy and collecting user IP addresses, ConsenSys CEO Joseph Lubin said that the data obtained is used solely for the purposes of routing and improving crypto wallet services.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
