Hardware wallet Trezor revealed a security breach on January 20th, exposing the contact information of approximately 66,000 users. Trezor detected unauthorized access to a third-party support portal on January 17th. The company stated that users who have interacted with Trezor’s support team since December 2021 may have had their data accessed.
Trezor Faces Phishing Attack
The Trezor team, although unconfirmed, believes it is their responsibility to inform users about the possibility of their contact information being exposed and the risk of a phishing attack. The company has notified all 66,000 customers by email about the incident:
“We want to emphasize that no user funds were put at risk due to this incident. Your Trezor device is as secure today as it was yesterday.”
At least 41 users received direct email messages from the attacker requesting personal information about their seed phrase. Additionally, contact information for eight individuals who created accounts on the same third-party vendor’s trial discussion platform was compromised.
Trezor Team Responds Promptly to the Incident
Phishing, also known as identity theft, is a type of cybercrime where attackers impersonate a trustworthy organization to obtain personal data from individuals. Phishing is often used to steal personal data such as login credentials, credit card numbers, or other personal information. According to Trezor, no seed phrase information was compromised as a result of the incident. The company also noted that it alerted users who received emails within an hour of the incident:
“The potential exposure of email addresses could be harmful due to the fact that these emails may be subject to phishing attempts. As of now, we have not observed any increase in phishing activities as a result of this security event.”
Trezor is a popular cryptocurrency hardware wallet manufacturer that primarily provides cold storage for crypto assets. However, the company has faced various security incidents over the years. In March, it warned users about a phishing attack aiming to steal investors’ assets by asking them to enter their wallet’s recovery phrase on a fake Trezor website. In another incident, scammers selling counterfeit Trezor hardware managed to take control of a user’s private keys.
