Trezor discloses 66K users affected by phishing attack

Avatar

Hardware wallet Trezor has flagged a security breach that exposed the contact information of nearly 66,000 users, according to a Jan. 20 announcement. 

Trezor identified unauthorized access to a third-party support portal on Jan. 17. Users who have interacted with Trezor’s support team since December 2021 may have had their data accessed in the incident, said the company.

“Although unconfirmed, we consider it our responsibility to inform our affected users of the possibility of their contact details having been exposed, and at risk of a phishing attack,” noted Trezor. The company said to have emailed all the 66,000 contacts to notify them of the incident.

“We want to stress that none of our users’ funds have been compromised through this incident. Your Trezor device remains as secure today, as it was yesterday.”

At least 41 users received direct email messages from the attacker requesting sensitive information about their recovery seeds. Furthermore, eight people who created accounts on the same third-party vendor’s trial discussion platform also had their contact details compromised.

Screenshot of the email received by users from a malicious actor. Source: Trezor

Phishing is a type of cybercrime in which attackers impersonate a trusted entity in order to obtain sensitive information from individuals. Phishing is often used to steal sensitive data, such as login credentials, credit card numbers, or other personal information. 

According to Trezor, no recovery seed phrases have been disclosed as a result of the incident. The company also claims to have alerted users that received emails within an hour of the incident.

“The potential exposure of email addresses might be harmful in the fact that the emails can be subject to phishing attempts. As of now, we have not observed any spike in phishing activity as a result of this security incident.”

Trezor is a popular manufacturer of cryptocurrency hardware wallets, primarily providing cold storage for digital assets. The company, however, has faced several security incidents over the years.

In March, it warned users about a phishing attack intended to steal investors’ money by asking them to enter the wallet’s recovery phrase on a fake Trezor website. In another incident, scammers selling fake Trezor’s hardware were able to take over control of the user’s private keys.

Magazine: Which gaming guild positioned itself best for the bull market?