ConsenSys, owner of crypto wallet MetaMask, has revealed that a third-party service provider that provides technical customer support services to the company was targeted in a cybersecurity incident.
The attack was limited to users who submitted their personal data to MetaMask customer service between August 1, 2021 and February 10, 2023.
According to ConsenSys, only those who submitted their personal information to the support team were affected by the data leak.
According to ConsenSys, the MetaMask browser extension and mobile app security were not affected. Only a certain number of users who submitted their personal data to the customer support notification system were affected. Users who did not send personal data to MetaMask customer support during this time were not affected.
ConsenSys estimates that the personal data of approximately 7,000 users worldwide may have been accessed by an unauthorized third party. The company took measures to stop the unauthorized access and reported the matter to the Irish Data Protection Commission and the UK Information Commissioner.
In addition, ConsenSys executives have taken measures to prevent similar incidents in the future, including an enhanced third-party risk management program across its services. The company urged users to be vigilant and report any suspicious activity.
MetaMask support was requesting limited personal data necessary to provide support functionality, such as email addresses. Users could enter any information that could constitute personal data, including financial information, name, surname, date of birth, telephone number and postal address, depending on the message sent.
*Not investment advice.