The email addresses of some Metamask users may have been exposed to malicious actors due to a recently discovered cyber security incident. According to the parent company ConsenSys, the incident affected users who submitted support requests to Metamask between August 1, 2021, and February 10, 2023.
As per the blog post on April 14, unauthorized individuals gained access to a third-party computer system used for processing customer service requests, which potentially allowed them to view the support tickets sent by Metamask users.
These tickets did not request any information beyond what was necessary to help the user, including an email address to facilitate responses. However, they included a free-text field that some users may have used to send personal information.
“This could include economic or financial information, name, date of birth, phone number, and mailing address,” the post said.
ConsenSys emphasized that it does not request personal information in conversations with customers, but some may have still provided it.
The company estimates that up to 7,000 Metamask users who submitted customer support requests may have been affected by the security breach.
In response to the incident, the Keystone hardware wallet provider warned Metamask users that some of them may receive more phishing emails due to the incident, as attackers may use this email database to find potential victims.