{"id":18052,"date":"2023-04-17T00:34:35","date_gmt":"2023-04-17T00:34:35","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/metamask-third-party-provider-hacked-exposing-email-addresses\/"},"modified":"2023-04-17T00:34:37","modified_gmt":"2023-04-17T00:34:37","slug":"metamask-third-party-provider-hacked-exposing-email-addresses","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/metamask-third-party-provider-hacked-exposing-email-addresses\/","title":{"rendered":"MetaMask third-party provider hacked, exposing email addresses"},"content":{"rendered":"

<\/p>\n

\n

The email addresses of some MetaMask users may have been exposed to a malicious party due to a recently discovered cybersecurity incident. According to parent company ConsenSys, the incident affected\u00a0users who submitted a customer support ticket to MetaMask between August 1, 2021 and February 10, 2023.<\/p>\n

According to the April 14 blog post, unauthorized actors gained access to a third party\u2019s computer system that was used to process customer service requests, potentially allowing them to view customer support tickets submitted by MetaMask users. <\/p>\n

These tickets did not ask for information other than what was necessary to help the user, including an email address to facilitate replies. However, they did include a \u201cfree text-field,\u201d which some users may have used to submit personally identifying information. This may have included \u201ceconomic or financial information, name, surname, date of birth, phone number, and postal address,\u201d the post stated.<\/p>\n

ConsenSys emphasized that it does not ask for personally identifying information in customer conversations, but some may have provided it anyway.<\/p>\n

The company estimates that the breach may have affected up to 7,000 MetaMask users who submitted customer support tickets.<\/p>\n

In response to this incident, hardware wallet provider Keystone warned MetaMask users that some might receive more phishing emails due to the incident since the attacker may use this swiped email database to look for potential victims.<\/p>\n

\n

A third-party service provider that provides customer support ticketing services to ConsenSys was the target of a cyber-security incident<\/p>\n

\u26a0\ufe0f Be cautious of the potential increase in phishing emails moving forwardhttps:\/\/t.co\/HswtDiK5EY<\/p>\n

\u2014 Keystone | Hardware Wallet (@KeystoneWallet) April 14, 2023<\/a><\/p><\/blockquote>\n

Phishing is a scam that tricks a user into providing sensitive information to an attacker. It is often performed by sending an email to the victim that appears to be from a trusted party or someone the victim knows.<\/p>\n

Related: <\/strong>MetaMask launches new fiat purchase function for cryptocurrency<\/strong><\/em><\/p>\n

ConsenSys said it had taken steps to eliminate unauthorized access in the future. As a result, tickets submitted after February 10 should be unaffected by the incident. The company also contacted the Data Protection Commission of Ireland and the Information Commissioner\u2019s Office of the United Kingdom to report the breach.\u00a0In addition, the company\u2019s third-party customer service provider is working with a cybersecurity and forensics team to perform a more detailed investigation of the incident.<\/p>\n

MetaMask came under fire from privacy advocates in late 2022 when it revealed that it sometimes logged users\u2019 IP addresses. However, it updated its app\u00a0in March to give users more control over which providers could obtain this information.<\/p>\n<\/div>\n