Third-Party Cyber-Security Incident Exposes Personal Data of MetaMask Users
A cybersecurity incident involving a third-party service provider that provides technical customer support services to ConsenSys has potentially exposed personal data of a limited number of MetaMask users. The incident occurred when unauthorized actors gained access to the third-party service provider’s systems.
The incident has affected MetaMask users who submitted personal data to the customer support ticketing system between August 1, 2021, and February 10, 2023. The personal data potentially accessed includes email addresses, and depending on the user’s discretion, potentially sensitive information such as financial data, name, surname, date of birth, phone number, and postal address.
Approximately 7,000 users of customer support had their tickets accessed during the time period of the incident, which is a small percentage of the users who used customer support during that time. MetaMask browser extension and mobile app security were not affected by this incident, and users who did not submit personal data to MetaMask customer support using these ticketing services are unaffected.
ConsenSys, the parent company of MetaMask, has taken several measures to prevent a similar incident from happening in the future, including implementing enhanced third-party risk management programs across its services. ConsenSys has also completed a comprehensive forensic investigation into the incident and reported it to the Data Protection Commission of Ireland and the Information Commissioner’s Office in the UK.
MetaMask users are advised to be vigilant for any suspicious activity and unsolicited contacts that may be made to them by phone, text, email, or instant message. If suspicious of any request or message, users are advised not to open it, not to reply or click any links but delete it, and report any suspicious requests and messages to MetaMask.
Protecting the privacy of users and the safety of their data is at the core of ConsenSys’ enhanced program, and they are constantly looking at ways to improve existing measures to meet the highest level of security and data privacy. MetaMask users can be confident that their data is safe with MetaMask in the future, as ConsenSys has taken several measures to prevent a similar incident from happening again.
- MetaMask’s Latest Update Includes NFT View Feature For ERC-721 And 1155 Tokens
- MetaMask Denies Airdrop Rumors, Warns Against Scammers
- MetaMask Enables Direct Purchase Of Cryptocurrencies In 189 Countries