MetaMask email address leak affects 7,000 users
The data leak was the result of an attack on a third-party support provider.
A number of MetaMask users have had their email addresses exposed through a recent data leak, according to parent company ConsenSys on April 14.
MetaMask experiences data leak
ConsenSys said that the issue affected a small portion of MetaMask users who submitted customer support tickets between August 1, 2021, and February 10, 2023.
About 7,000 users were affected by the data leak, the company said.
The affected support forms only explicitly requested user email addresses, meaning that this only the only data that necessarily leaked. However, ConsenSys also noted that users may have entered other personal information in other form fields.
The attack was aimed at a third-party service that ConsenSys uses to handle its customer support tickets. It did not affect the MetaMask wallet software itself.
ConsenSys said that unauthorized access has been revoked and assured users that the “threat is no longer on-going.” It said that it has reported the incident to authorities and noted that it continues to engage with the support provider, which is investigating the issue.
ConsenSys did not disclose the name of its support provider.
Email address leaks, phishing are common
Numerous crypto companies have experienced email address leaks in recent years.
Notably, crypto exchange BitMEX leaked 30,000 email addresses in 2019. Later, the hardware wallet firm Ledger leaked certain user data including email addresses in 2020. Celsius and OpenSea saw email addresses leaked in interrelated attacks in 2022.
Email address leaks do not provide any way for attackers to directly access the target’s wallet. However, attackers can use email addresses in phishing scams that trick wallet users into exposing their account data and login information.
In fact, MetaMask users are frequent targets of phishing scams. This year alone, the wallet has seen one other phishing campaign and warned of a possible second.
As such, MetaMask users should be wary of any emails received in the near future.