Trezor, a prominent hardware wallet manufacturer, has recently disclosed a security breach that compromised the contact details of approximately 66,000 users. This breach, announced on Jan. 20, stems from unauthorized access to a third-party support portal discovered on Jan. 17.
The company has acknowledged that users who engaged with Trezor’s support team since December 2021 may have been impacted by this breach. In light of this, Trezor has taken the initiative to email all potentially affected customers, alerting them to the risk of phishing attacks.
Trezor emphasized that users’ funds are safe and that the security of Trezor devices remains uncompromised. “Your Trezor device remains as secure today, as it was yesterday,” the company stated.
However, the breach did lead to direct phishing attempts. At least 41 users received targeted emails from the attacker, seeking sensitive information related to their recovery seeds. Additionally, eight individuals who registered on a trial discussion platform linked to the same third-party vendor had their contact information exposed.
Phishing, a prevalent form of cybercrime, involves attackers masquerading as trustworthy entities to extract sensitive information from victims. This method is commonly used to obtain login credentials, credit card numbers, and other personal data.
In this incident, Trezor confirmed that no recovery seed phrases were disclosed. The company also reported that, within an hour of detecting the incident, it alerted the users who had received the phishing emails. Trezor warned that the exposure of email addresses could lead to increased phishing attempts, though no significant spike in such activities has been observed following the incident.
This is not the first security issue faced by Trezor. The company has previously alerted users about similar phishing attacks, including one in March where scammers attempted to steal funds through a fake Trezor website. Another incident involved counterfeit Trezor hardware wallets being sold, potentially compromising users’ private keys.