Bankless Times
Thousands Affected in MetaMask Data Breach
HomeNewsThousands Affected in MetaMask Data Breach

Thousands Affected in MetaMask Data Breach

DeFi
Daniela Kirova
Daniela Kirova
April 15th, 2023
Why trust us
Advertiser Disclosure
  • The incident impacted users who gave their personal data to MetaMask via support tickets
  • Around 7,000 MetaMask users worldwide were impacted

A cybersecurity incident targeting MetaMask, a leading Ethereum-based wallet that provides technical customer support services to its parent company ConsenSys, affected 7,000 users’ data, ConsenSys wrote in a blog post.

The incident impacted users who gave their personal data to MetaMask via support tickets between August 1, 2021 and February 10 this year.

MetaMask security is unaffected

MetaMask’s mobile app and browser extension were not affected by the data breach, which took place when unauthorized entities gained access to MetaMask’s systems.

What data was accessed?

While MetaMask support requests only the bare minimum in the way of personal data – just those needed to provide support – MetaMask’s tickets include a free text field, in which users are free to enter whatever information they want.

This might include their first and last name, economic or financial information, date of birth, phone number, and even mailing address according to ConsenSys.

While MetaMask does not request this type of personal data as part of providing support services, it does ask for an email, and having your email hacked does enough damage on its own.

How many were affected?

ConsenSys wrote that they were unable to technically identify each individual user whose data may have been accessed, so they sent out a notification to all users who had contacted the wallet’s support during the respective time period. It is estimated that around 7,000 MetaMask users worldwide were impacted.

What measures were taken?

To avoid incidents like this from happening again, ConsenSys has engaged in implementing an enhanced third-party risk management program across its services.The threat no longer exists as the platform took measures to stop the unauthorized access.

They have also reported the incident to the respective authorities – the Information Commissioner’s Office of the UK and the Data Protection Commission of Ireland.

This is not the first breach suffered by MetaMask. In 2021, scammers made away with at least half a million dollars, using Google ads to reach users of MetaMask and of crypto exchange Pancake.

Contributors

Daniela Kirova
Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.