- The security incident happened on January 17, 2024, Trezor disclosed in a blog post published on January 20.
- It involved a third-party support ticketing portal that Trezor uses.
- Contact details included names and email addresses for up to 66,000 users were compromised.
Hardware wallet Trezor has announced that a security breach at a third-party support portal may have exposed up to 66,000 users. Investigations and an audit of the incident indicates that contact details likely exposed are limited to email addresses and user names /nicknames.
“On January 17th, 2024, 20:20 CET, we identified unauthorized access to the third-party support portal we use. This breach occurred at the level of that third-party service provider we are currently engaged with,” Trezor noted.
The breach could expose the 66,000 contacts that had interacted with the hardware wallet maker’s customer support since December 2021 to potential phishing attacks.
“Although unconfirmed, we consider it our responsibility to inform our affected users of the possibility of their contact details having been exposed, and at risk of a phishing attack,” Trezor added of the incident.
According to Trezor, 41 users have received emails asking for recovery seeds. However, no user wallet has been compromised.
Trezor has also contacted eight individuals that created accounts on Trezor’s trial discussion platform. The compromised third-party vendor hosted this particular platform.