Blockchain software firm Consensys announced on Friday that thousands of MetaMask users who contacted customer support between August 2021 and February 2023 were targeted in a personal data breach.
The breach affected an estimated 7,000 individuals and resulted in private information, such as email addresses, being compromised. However, MetaMask’s browser extension and mobile app users were not impacted.
Consensys explained in a blog post that fraudsters targeted a third-party service provider used by MetaMask to create customer support tickets. This unauthorized access enabled the personal data to be seized. The company stated that the incident is no longer ongoing and that they have stopped the unauthorized access.
The compromised data mostly include “limited” personal information necessary to identify customers for support needs, but users may have shared additional information via the chat function that was seized. While Consensys has taken steps to secure the data, affected users may be targeted in future phishing scams.
The rise in crypto-related phishing attempts and schemes is concerning. Cybersecurity firm Kaspersky Lab revealed that there was a 40% increase in phishing attacks in 2022 year-over-year. Therefore, customers should remain vigilant of suspicious activity and unsolicited contacts by phone, text, email, or instant message.
