ConsenSys, the parent company of Ethereum wallet MetaMask, has revealed the occurrence of a cyber-security incident, which targeted a third-party service provider that provides technical customer support services to the company. The incident involved unauthorized actors gaining access to the service provider’s system; however, it was limited to a certain number of users who submitted personal information to MetaMask customer support between Aug. 1, 2021, and Feb. 10, 2023.
“The incident was limited to users who submitted personal data to MetaMask customer support using the third-party customer support ticketing services,” ConsenSys said on its website. “Due to limited data collection, we cannot technically identify each individual user whose data may have been accessed.
“As a result, a notice was sent to all users who contacted MetaMask customer support during the affected period. We estimate that approximately 7,000 users worldwide were affected by the incident.”
ConsenSys has taken several measures to address the incident, including reporting the incident to the Data Protection Commission of Ireland and the Information Commissioner’s Office of the UK. Additionally, the company’s customer service provider is working with a team of forensics and cybersecurity experts to further investigate the breach.
The company assured its users that it has put measures in place to protect their data and prevent this incident from repeating in the future.
“ConsenSys completed a comprehensive forensic investigation into the incident and implemented measures to prevent similar incidents from happening in the future,” a post on the company’s site read. “In addition, ConsenSys is currently engaged in implementing an enhanced third-party risk management program across its services. Protecting the privacy of our users and the safety of your data is at the core of this enhanced program.”
ConsenSys has urged users to be wary of any suspicious calls, texts, or emails. The company also reminded users to never reveal their secret recovery phrase to any third party under any circumstances and to report any suspicious activity to a MetaMask agent.