Personal data of 7000 MetaMask wallet users compromised

MetaMask customers have fallen victim to a phishing attack that resulted in unauthorized access to their personal information.

According to a statement from ConsenSys, MetaMask’s parent company, the phishing attack was carried out through a third-party service provider that provides technical support to customers.

«The incident was limited to a certain number of users who sent personal data to MetaMask customer support between August 1, 2021, and February 10, 2023,» ConsenSys said.

According to a ConsenSys blog post, some unauthorized entities gained access to a computer system used to process customer service requests. This allowed the attackers not only to view the requests sent to the support service by MetaMask users, but also to download confidential information.

ConsenSys stated that the support team never asks for personal information in conversations with customers. However, the online application form provides a «free text field» where some users entered financial information, as well as first name, last name, date of birth, phone numbers, and contact addresses. The company estimates that the phishing attack may have compromised the personal data of 7,000 MetaMask users.