MetaMask, the popular crypto wallet, has recently fallen victim to a phishing attack that has caused the unauthorized access of personal information belonging to its users.
ConsenSys, the parent company of MetaMask, has confirmed that users who had submitted personal data to a third-party customer support service between August 1, 2021, and February 10, 2023, were affected by this incident.
According to a ConsenSys blog post, unauthorized parties managed to gain access to a computer system that was utilized to process customer service requests.
This allowed attackers to view tickets sent to the support service by MetaMask users and even download confidential information.
Some users have entered financial information, first name, last name, date of birth, phone numbers, and contact addresses in the electronic application form’s “free text field.”
Although the support team of MetaMask does not request personal information in conversations with customers, the presence of this free text field made it possible for attackers to compromise the personal data of approximately 7,000 MetaMask users.
ConsenSys assured its users that the browser extension and the security of the MetaMask mobile application were not affected by this incident.
In response to MetaMask’s criticism of updating the application’s security policy and collecting user IP addresses, ConsenSys CEO Joseph Lubin stated that the data collected is used solely for the purposes of routing and improving the crypto wallet services.