Trezor, a leading producer of hardware wallets for cryptocurrencies, disclosed a security vulnerability on January 20, leading to the exposure of contact details for over 66,000 customers. The incident was traced back to unauthorized access to a third-party support portal detected on January 17.
According to Trezor, users who communicated with their support staff since December 2021 may have had their data compromised. Although there is no confirmation, Trezor has taken a proactive stance, notifying all 66,000 contacts about the potential security breach via email.
In a statement, Trezor emphasized that users’ funds remain secure, reassuring them that their Trezor devices are as secure today as they were before the incident.
The attacker targeted at least 41 users directly, requesting private information on their recovery seeds. Additionally, contact information for eight users who registered on a trial discussion platform of a third-party vendor was exposed.
Trezor acknowledged the potential harm of exposed email addresses, susceptible to phishing attempts, a cybercrime technique where perpetrators pose as reputable organizations to trick victims into divulging personal information.
Despite the incident, Trezor assured users that no recovery seed phrases have been made public, and consumers who received emails were promptly notified within an hour of the event. The company remains vigilant against potential phishing activities resulting from this incident.
Trezor, known for its focus on cold storage for digital assets, has encountered security lapses in the past. Users were warned about phishing attempts in March, and incidents involving con artists compromising private keys through fake Trezor devices were reported.
Recent challenges include the infiltration of Socket, resulting in the theft of contracts worth $3.3 million. Trezor’s team reported a swift resolution of the issue, reassuring users of the platform’s operational status.
