Hassan Maishera
TL;DR
-
Trezor has revealed that roughly 66,000 of its users have been affected by a recent security breach.
-
The hardware wallet manufacturer said the contact information of the affected users was exposed.
Trezor Flags a Security Breach
Hardware wallet manufacturer Trezor announced over the weekend that there was a security breach that exposed the contact information of nearly 66,000 users
The company identified unauthorized access to a third-party support portal on January 17th. According to the company, users who have interacted with Trezor’s support team since December 2021 may have their data exposed. Trezor said,
“The security incident we’ve identified has implications for customers who have interacted with Trezor Support since December 2021. While this represents a small part of our entire user base, up to 66,000 contacts were present in the system during that time. We are making every effort to work with the third-party service provider to comprehensively investigate the incident. However, our internal audit of the incident suggests potential access to contact details, limited to email and name/nickname.”
Trezor added that although it remains unconfirmed, it still informed the affected users of the possibility of their contact details having been exposed, and at risk of a phishing attack. The company had already emailed all the 66k affected users.
“We want to stress that none of our users’ funds have been compromised through this incident. Your Trezor device remains as secure today, as it was yesterday,” the company added.
So far, more than 40 users have received direct email messages from the attacker requesting sensitive information about their recovery seeds. In addition to that, the contact details of eight people who created accounts on the same third-party vendor’s trial discussion platform have been compromised.
“The potential exposure of email addresses might be harmful in the fact that the emails can be subject to phishing attempts. As of now, we have not observed any spike in phishing activity as a result of this security incident,” Trezor added.
Phishing is popular in the crypto space and is a cybercrime in which attackers impersonate a trusted entity to obtain sensitive information from individuals. Attackers use phishing to steal sensitive data, such as login credentials, credit card numbers and other personal data.
So far, Trezor has revealed that no recovery seed phrases have been disclosed in association with the attack.
Trezor is one of the leading hardware wallet manufacturers in the cryptocurrency space. Its cold storage wallet enables users to store thousands of crypto assets.
