Trezor Security Breach: What Happened?
Trezor, a manufacturer of hardware wallets, recently reported a security breach. Approximately 66,000 user’s contact information was exposed due to unauthorized access to a third-party support portal on January 17.
“Although unconfirmed, we consider it our responsibility to inform our affected users of the possibility of their contact details having been exposed, and at risk of a phishing attack,”
Noted Trezor security alert.
The company has taken the necessary steps to address the Trezor security breach by sending out email notifications to all 66,000 contacts affected by the incident.
Users who have reached out to Trezor’s support team since December 2021 should be aware that they may have been impacted by this event.
“We want to stress that none of our users’ funds have been compromised through this incident. Your Trezor device remains as secure today, as it was yesterday.”
41 Users Received Direct Mails in the Trezor Phishing Attack
During the security breach, it appears that 41 users received direct email messages from the attacker, who requested sensitive information regarding their recovery seeds. Additionally, eight individuals who created accounts on the same trial discussion platform of the third-party vendor also had their contact details compromised.
According to Trezor, there have been no disclosures of recovery seed phrases as a result of the incident. The company claims to have promptly notified users who received emails within one hour of the occurrence. Trezor remains dedicated to addressing the situation promptly and ensuring the security of its users’ information.
“The potential exposure of email addresses might be harmful in the fact that the emails can be subject to phishing attempts. As of now, we have not observed any spike in phishing activity as a result of this security incident.”
Trezor is a well-known and reputable manufacturer of hardware wallets for cryptocurrencies, specializing in secure cold storage solutions for digital assets. Unfortunately, the company has had to address several security incidents in the past.
One incident involved a phishing attack in which users were targeted and tricked into entering their wallet’s recovery phrase on a fraudulent Trezor website. Trezor promptly alerted its users about this fraudulent activity.
Another incident involved scammers selling counterfeit Trezor hardware, which allowed them to gain control over the user’s private keys.
Trezor Security Breach Update: Trezor Probes Phishing Scam
While funds remain completely secure on devices, Trezor issued a security notice on January 20th to the 66,000 potentially affected users warning of increased phishing risk. The company has urged vigilance against suspicious emails requesting financial details or seeds.
Trezor continues working with the third party to assess the full scope. As IT dependencies present challenges, Trezor is re-evaluating this relationship to strengthen data security. Users are encouraged to only interact with official Trezor support channels and never disclose seeds to prevent potential account compromise.
With awareness of this incident, users can identify and avoid malicious phishing attempts aimed at stealing personal or financial cryptocurrency details. Users can contact Trezor support to report any suspicious activity.
“Protecting our users is our utmost priority, and we believe in upholding transparency. By sharing this information, we aim to empower you to heighten your vigilance and enhance the security of your personal information.”
Trezor says in a blog post detailing the Trezor breach.