A third-party service provider for MetaMask wallet faced an attack on its database & lost nearly 7,000 MetaMask email addresses.
MetaMask is a popular Ethereum wallet, known for its decentralised nature. MetaMask wallet was initially released in 2016 by blockchain developer firm ConsenSys. Over the past couple of years, the MetaMask team brought several fiat payment service providers to allow MetaMask users to buy crypto assets with direct fiat payment.
On 14 April 2023, ConsenSys published a blog post and confirmed that a third-party platform, providing customer ticket service for MetaMask users via MetaMask, faced a cybersecurity incident.
The ConsenSys team confirmed that the cyber attack helped the attacker to access all the email addresses of MetaMask users, who sent tickets to MetaMask between 1 Aug 2021 to 10 Feb 2023.
In this attack, the hacker can see the email addresses of more than 7,000 MetaMask users.
Through this information, the ConsenSys team suggested MetaMask users remain aware of any type of phishing attack because those bad actors can misuse the email address to send phishing mail.
Earlier in Feb 2023, We reported that domain name service provider Namecheap’s email service was compromised.
Reportedly Namecheap hackers were using the collected emails to send phishing mail in the form of invoices to ask for critical details from the crypto users.
MetaMask team warned people to remain away from any kind of such phishing mail and never provide any kind of backup key or kYC to anyone.