Blockchain software firm Consensys has disclosed a personal data breach involving thousands of MetaMask users who contacted customer support over an 18-month period. In a blog post, Consensys stated that an estimated 7,000 individuals had their private information, such as email addresses, compromised between August 2021 and February 2023. However, the incident did not impact MetaMask’s browser extension and mobile app users.
Fraudsters targeted a third-party service provider used by MetaMask to create customer support tickets, which led to the unauthorized access of personal data. The compromised data mainly includes “limited” personal information needed to identify customers for support needs, but users could have shared additional information in the chat function that was seized.
Consensys has stopped the unauthorized access, but it acknowledges that affected users may be targeted in future phishing scams. The company has reported the incident to the Data Protection Commission of Ireland and the Information Commissioner’s Office in the UK.
Rise in Crypto-Related Phishing Attempts and Schemes
The MetaMask data breach is a timely reminder of the risks associated with the rise of crypto-related phishing attempts and schemes. Cybersecurity firm Kaspersky Lab reported a 40% increase in phishing attacks year-over-year in 2022.
Users should remain extremely vigilant for any suspicious activity and unsolicited contacts by phone, text, email, or instant message. If there is any doubt about the authenticity of a request or message, it is best to delete it and not reply or click on any links.