MetaMask wallet suffers a data breach, over 7,000 users affected

Updated: 15 April 2023

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

The crypto industry has just learned of another major breach, this time, the attackers have targeted a crypto wallet MetaMask. The data breach was reported by ConsenSys, which said that its best-known product was affected in a breach that targeted a third-party customer service provider rather than the app itself.

Provide complete information pic.twitter.com/hW0RbMSzsI

— samlogic.eth (@samlogic_) April 14, 2023

What happened?

According to the company’s announcement, the issue originally came to its attention in August 2021. However, it was only resolved in February 2023. The company claims that only those MetaMask users who contacted customer support in the mentioned period and who shared personal information are compromised. Everyone else should be safe.

The company noted that unauthorized actors managed to gain access to its third-party customer service provider between August 2021 and February 2023. Anyone who shared their personal data with the customer support during this period has likely had their data recorded by the attackers. While users are always recommended not to share their personal data if they can help, contacts with customer support usually require some limited personal information to be provided for the support team to provide help.

However, customers tend to overshare and type in additional information at their own discretion. ConsenSys’ blog post says that users may have entered details such as “economic or financial information, name, surname, date of birth, phone number, and postal address.”

The nature of the attack makes it difficult to determine who is at risk and who is safe precisely. According to the company, the data breach affected approximately 7,000 individuals around the world. ConsenSys’ investigation revealed that there are at least three users who suffered significant economic loss as a consequence of the incident.

BREAKING:

MetaMask security breach exposes 7,000 user data records

— whalechart (@WhaleChart) April 14, 2023

How did ConsenSys react to the incident?

In its blog post, ConsenSys said that the company had stopped the unauthorized access, and that the threat has ended. The company’s spokesperson said that ConsenSys’ first steps were to perform data gathering and an initial investigation, so that it could determine the veracity and criticality of the incident. This was followed by the implementation of containment measures.

Many have also wondered why did it take so long to resolve the issues if the breach was noticed in August 2021, and ConsenSys’ spokesperson said that “While it appears upon retroactive forensic investigation the malicious acts began in August of 2021, we needed to become aware of those acts and conduct an appropriate forensic investigation to determine the source.”

Since then, the company has hired a third-party forensic investigator to look into the matter and recommend the best measures to address and mitigate known or potential adverse effects of the incident. The company also shared details of the breach with the Data Protection Commission of Ireland and the Information Commissioner’s Office of the UK.

MetaMask users have suffered a number of security incidents in the past, and some have even lost their funds to hackers even after following all the usual steps of securing their assets to the letter. However, in this case, at least, ConsenSys insists that MetaMask itself was not breached or endangered in any way.

Smog (SMOG) - Meme Coin With Rewards

Rating