Trezor Security Breach: Contact Information of 66,000 Users Exposed

In a recent announcement on January 20, hardware wallet manufacturer Trezor revealed a security breach that impacted nearly 66,000 users. The breach involved unauthorized access to a third-party support portal, and Trezor took immediate action upon identifying the incident on January 17.

Data Access for Users Interacting with Support Since December 2021

Users who have engaged with the company’s support team since December 2021 may be affected by this breach. While the company has not confirmed the extent of the breach, Trezor emphasized its responsibility to inform users about the potential exposure of their contact details and the associated risk of phishing attacks.

Trezor promptly emailed all 66,000 contacts to notify them of the incident. Importantly, the company assured users that none of their funds were compromised in the breach, emphasizing the continued security of their devices.

Phishing Attempts on Trezor Users

The breach resulted in at least 41 users receiving direct email messages from the attacker, soliciting sensitive information related to their recovery seeds. Additionally, eight individuals who signed up on the same third-party vendor’s trial discussion platform had their contact details compromised.

Phishing, a prevalent type of cybercrime, involves attackers impersonating trusted entities to obtain sensitive information. The hardware wallet manufacturer clarified that no recovery seed phrases were disclosed due to the breach. The company took swift action, notifying users who received suspicious emails within an hour of the incident, emphasizing the importance of user vigilance.