The email addresses of a number of MetaMask users were recently exposed in a data breach, parent company ConsenSys reported April 14.
MetaMask Email Address Leak has Affected 7,000 Users
According to ConsenSys, the issue affected a small subset of MetaMask users who submitted customer support tickets between August 1, 2021 and February 10, 2023. According to the company, about 7,000 users were affected by the data breach. The affected support forms only explicitly asked for users’ email addresses, meaning that this is just the only data that was necessarily leaked. However, ConsenSys also found that users may have entered other personal information into other form fields.
An attack was directed against a third-party service that ConsenSys uses to process customer support requests. The MetaMask wallet software itself was not affected. ConsenSys said the unauthorized access had been revoked, assuring users that “the threat no longer exists”. It stated that they had reported the incident to authorities and noted that they are continuing to work with the support provider who is investigating the issue. ConsenSys has not disclosed the name of its support provider.
In recent years, many crypto companies have experienced email address leaks. Specifically, BitMEX crypto exchange leaked 30,000 email addresses in 2019. Later in 2020, hardware wallet company Ledger leaked certain user data, including email addresses. Both Celsius and OpenSea experienced email leaks in similar attacks in 2022. Leaked email addresses do not provide attackers with direct access to the target’s wallet. However, attackers can use email addresses for phishing attacks that trick wallet users into revealing their account details and login credentials.
In fact, MetaMask users often fall victim to phishing. Only this year did the wallet survive another phishing campaign and warn of a possible second one.Therefore, MetaMask users should be careful when receiving emails in the near future.
Source
Check out more of our latest news here
Leave a comment