There have been some malicious content discovered on some of the email addresses of various MetaMask users- which was a result of another cybersecurity incident. According to ConsenSys, the parent company, the incident affected users who had submitted a ticket for customer support to the company between 1st August, 2021, and 10th February, 2023. According to a blog post from the 14th of April, all the unauthorized actors gained access to a third party’s computer system which was then used to process the requests of customer service- which allowed them to view the customer support tickets that were submitted by the users.
MetaMask Users Have Suffered Phishing Scam
Interestingly, the tickets hadn’t asked for any information other than what was deemed necessary to help the MetaMask user- which included an email address in order to facilitate replies. However, they also included a free text–field, which certain users could have used to submit personally identifying information. This could have potentially included financial or economic information, surname, name, phone number, date of birth, and postal address. The parent company then emphasized that it would not be asking for any personally identifying information in its customer conversations- but there are some who might have provided it anyway.
The company has estimated that the breach could have affected up to 7,000 MetaMask users who had submitted customer support tickets. In response to the incident, Keystone- a hardware wallet provider- also warned that the users could receive more phishing emails due to the incident since the attacker might have used this database in order to look for potential victims. The parent company then mentioned that steps have been taken to eliminate the possibility of unauthorized access in the future.
