MetaMask developers, ConsenSys, announced on Friday that a cyber attack on one of its third-party service providers led to the leak of personal details of over 7,000 of its customers. ConsenSys confirmed the attack affected users who submitted their details to MetaMask customer support between August 1, 2021, and February 10, 2023.
The details revealed during the attack span, according to ConsenSys, were limited, as the personal data the company’s customer service asks on request for a technical intervention was the account’s email address. However, the software firm also noted that it provides optional “free-text” boxes where users can provide additional information like date of birth, name, surname, financial information, phone numbers, etc.
MetaMask is a popular decentralized exchange that boasts over 10 million users. Launched in 2016, the crypto wallet service provider has gained traction for its Ethereum-focused nature and ability to connect to cold wallets. MetaMask’s users were recently caught in a sham when random Twitter users publicized an incoming airdrop from the wallet providers; however, a tweet from the firm was all it took to demystify the growing rumor.
Browser Extension and Mobile App Not Compromised
ConsenSys clarified that MetaMask’s browser web extension and mobile app users are not included in the security breach. The attack also did not affect MetaMask users who did not submit their details to the MetaMask customer support ticketing system between the aforementioned dates.
ConsenSys noted that it first recorded the situation on August 2021, and reported the issue to regulators. The software firm informed the Data Protection Commission of Ireland and the Information Commissioner’s Office in the United Kingdom about the breach.
MetaMask’s ConsenSys Assures Users
To calm the situation, ConsenSys has assured users it has conducted a forensic investigation of the incident and has implemented plans to prevent future reoccurrences. The software company stated that it is currently implementing enhanced third-party risk management across its services.
ConsenSys also encouraged users to be more self-aware of suspicious activities or requests for personal information regarding their accounts, encouraging them to report all such cases to the MetaMask help center.
