Investing

MetaMask Users Who Sought Technical Support Get Their Information Compromised

Tim Fries

Published: April 17, 2023 3:20 am

Last Updated: April 17, 2023 12:22 pm

On Friday, April 14th, ConsenSys published a Q&A detailing a “data security incident” that endangered the personal information of MetaMask users that opened technical support tickets. The vulnerability was active between August 2021, and February 2023, and occurred due to the hack of a third-party service provider.

7,000 MetaMask Users Exposed to a “Data Security Incident”

A recently published Q&A revealed that a third-party service provider offering technical customer support to ConsenSys was the target of a multi-year data security incident. While the issue is now described as contained, MetaMask users that submitted a support ticket between August 2021, and February 2023, have been affected.

A third-party service provider that provides customer support ticketing services to ConsenSys was the target of a cyber-security incident. The incident occurred when unauthorised actors gained access to the third-party service provider’s systems. As a result of this incident, MetaMask users who submitted personal data to our customer support may have had that data accessed by an unauthorised third party.

ConsenSys revealed that it can’t identify the exact users whose personal information has been compromised due to the lack of precise data, but stated that around 7,000 customers are at risk. The company, however, pointed out that only users who submitted their personal information to technical support are potentially in danger and highlighted that neither the MetaMask browser extension nor the mobile app were affected.

The company reported the issue to the Information Commissioner’s Office in the UK and the Data Protection Commission of Ireland. This is the second time in less than six months that ConsenSys was forced to address MetaMask-related privacy concerns. In December, the company made changes enabling users to easily replace Infura after it was revealed that it was collecting users’ IP addresses upon every MetaMask transaction.

Hacks and Scams in the Digital Assets Industry

Considering that the digital assets industry is still relatively new, and undergoing continuous development, it perhaps isn’t surprising that various kinds of hacks and scams are relatively commonplace. For example, around $3.7 billion was stolen in crypto hacks in 2022 alone with just ten “mega hacks” accounting for about 75% of all lost assets.

So far, 2023 is proving similarly damaging with several high-profile hacks taking place in the first quarter. As recently as the start of this week, a South Korean cryptocurrency exchange lost 23% of its total assets in a single attack. Web3 security platforms have also reported fighting back against attacks on their own services with Wallet Guard recently revealing it has been under a high-intensity DDoS attack for many days in mid-March.

The year also saw several cryptocurrency-adjacent hacks. In a single week in January, the Twitter accounts of the online broker Robinhood, and of the NFT project Azuki were both compromised and used to promote different digital assets scams. Not long after, the official account of an Indian government official was hijacked and used in a similar way for multiple days.

This article originally appeared on The Tokenist