7,000 MetaMask Users Targeted in Security Breach, Consensys Says
Are you a MetaMask user? If so, you might want to pay attention to this news. π±
According to a blog post by Consensys, the blockchain software firm behind MetaMask, thousands of MetaMask users who contacted customer support over an 18 month period were targeted in a personal data breach. π²
An estimated 7,000 individuals had private information, such as email addresses, compromised between August 2021 and February 2023. π¨
How did this happen? π€
Fraudsters targeted a third-party service provider
Consensys said that the incident occurred when unauthorized actors gained access to the systems of a third-party service provider that MetaMask uses to create customer support tickets. π΅οΈββοΈ
As a result of this incident, MetaMask users who submitted personal data to their customer support may have had that data accessed by an unauthorised third party. π‘
Compromised data mostly includes βlimitedβ personal information needed to identify customers for support needs, the company said, but users could have shared additional information in the chat function that was seized. π
What are the risks for affected users?
Consensys has stopped the unauthorized access, it said, and the threat is no longer ongoing. π
However, affected users may be targeted in future phishing scams, the company acknowledged, noting that customers should be aware of potential threats. π°
βAs always, we ask that you be extremely vigilant for any suspicious activity and unsolicited contacts which may be made to you by phone, text, email or instant message,β the post said. βIf you are suspicious of any request or message, do not open it and do not reply or click any links but delete it.β π«
How to protect yourself from phishing attacks?
Phishing attacks are attempts to trick you into revealing sensitive information or connecting your wallet to malicious websites. π
Here are some tips to avoid falling victim to phishing attacks: π
- Never share your secret recovery phrase (SRP) with anyone. This is the 12-word phrase that you use to restore your wallet. If someone asks for it, they are trying to steal your funds. π
- Never enter your SRP on any website or app other than MetaMask. Always check the URL and make sure it is https://metamask.io/ before entering your SRP. π
- Never click on links or open attachments from unknown or suspicious sources. They may lead you to fake websites that look like MetaMask but are actually phishing sites. π
- Always verify the sender's identity and email address before responding to any messages. Phishers may use spoofed email addresses or impersonate MetaMask staff or partners. π΅οΈββοΈ
- Always use a hardware wallet such as Ledger or Trezor to secure your funds. Hardware wallets store your private keys offline and require your physical confirmation before signing any transactions. π
- Always update your MetaMask app and browser extension to the latest version. This will ensure that you have the most recent security features and bug fixes. π
- Always report any suspicious activity or phishing attempts to MetaMask support at support@metamask.io or via their official website https://metamask.io/support.html π¬
The security breach comes as users report a rise in crypto-related phishing attempts and schemes.
This is not the first time that MetaMask users have faced security issues. In January 2022, a cryptographer warned that he had found a critical vulnerability in MetaMask that gives hackers a way to access users' IP addresses, thus creating a privacy risk. π±
In September 2022, MetaMask also warned its users about a surge in phishing attacks that tried to steal their SRPs by sending fake emails or text messages. π²
The security breach also comes at a time when MetaMask is experiencing a rapid growth in its user base and popularity. π
MetaMask is a software cryptocurrency wallet that allows users to interact with the Ethereum blockchain and access various decentralized applications (DApps). π
In November 2021, Consensys announced that MetaMask had surpassed 21 million monthly active users (MAUs), a 10x increase from the previous year. π
MetaMask also raised $200 million in a Series B funding round led by Coatue Management, valuing the company at $3.2 billion. π°
MetaMask has become one of the most widely used and trusted wallets in the crypto space, offering features such as token swap, fiat on-ramp, custom network settings, and gas fee optimization. π―
What are the next steps for MetaMask and Consensys?
Consensys said that it has reported the incident to the Data Protection Commission of Ireland and the Information Commissioner's Office in the UK, and that it is working with law enforcement authorities to investigate the breach. π΅οΈββοΈ
Consensys also said that it is taking steps to enhance its security measures and prevent future incidents. π‘οΈ
βWe take our responsibility to safeguard your personal data very seriously and we are committed to protecting your privacy,β the post said. βWe sincerely apologize for any inconvenience or concern this incident may have caused you.β π
MetaMask users who have been affected by the breach will receive an email from Consensys with more details and guidance on how to protect themselves. π§
If you have any questions or concerns, you can contact MetaMask support at support@metamask.io or via their official website https://metamask.io/support.html π¬
The Bottom Line
The security breach of MetaMask customer support data is a serious issue that affects thousands of users who may be vulnerable to phishing attacks. π±
MetaMask and Consensys are taking actions to stop the unauthorized access, notify the affected users, report the incident to the authorities, and improve their security practices. π
MetaMask users should be vigilant for any suspicious activity and unsolicited contacts, and follow the tips to avoid falling victim to phishing attacks. π«
MetaMask is still one of the best wallets for interacting with Ethereum and Web3, and has a loyal and growing user base. π―
We hope that this article has provided you with useful information and insights on this topic. π
If you liked this article, please share it with your friends and family who may be interested in crypto and MetaMask. π