MetaMask Support System Security Breach Exposes User Emails

June 30, 2023

The security breach in question impacted those who filed a MetaMask customer assistance request between August 1, 2021, and February 10, 2023.

ConsenSys, the parent company of MetaMask, recently disclosed a cybersecurity incident that potentially compromised some users’ email addresses. This breach was specifically reported to have affected those who sought customer support from MetaMask during the specified period.

In an April 14 blog post, it was revealed that unauthorized individuals managed to infiltrate a third-party system responsible for handling customer service queries. This intrusion potentially granted them access to MetaMask users’ support tickets.

The tickets requested only necessary information to aid the user, primarily an email address for response purposes. However, they included a “free text-field,” which some users might have used to provide personal data, such as “financial details, full names, birth dates, phone numbers, and residential addresses,” as the post clarified.

ConsenSys underscored that it doesn’t solicit personal identification data in customer interactions, although some users may have voluntarily provided it.

The firm estimates that the data breach may have affected approximately 7,000 MetaMask users who filed customer support requests.

Following the incident, hardware wallet provider Keystone alerted MetaMask users to anticipate an increase in phishing emails, given that the attacker might exploit the stolen email list to target potential victims.

Phishing is a deceitful tactic where victims are manipulated into disclosing sensitive information to a cyber attacker. Typically, this is executed via emails that appear to originate from a trustworthy entity or known contact.

ConsenSys stated it has implemented measures to prevent such unauthorized intrusions in the future. Consequently, tickets submitted after February 10 should be unaffected by this incident. The firm also reported the breach to the Data Protection Commission of Ireland and the Information Commissioner’s Office of the United Kingdom. Moreover, its third-party customer service provider is collaborating with a cybersecurity and forensics team to conduct a comprehensive investigation into the incident.

MetaMask faced criticism from privacy advocates in late 2022 after admitting that it occasionally logged users’ IP addresses. Nonetheless, an update to the app in March allowed users to exert greater control over which providers could access this information.