Trezor Hardware Wallet Security Breach: Contact Information of 66,000 Users Exposed

In a recent announcement on January 20, 2024, Trezor, the popular hardware wallet provider, disclosed a security breach that has potentially exposed the contact information of nearly 66,000 users. The incident, which occurred on January 17th, 2024, involved unauthorized access to the third-party support ticketing portal used by Trezor.

The security breach has raised concerns, but Trezor assures its users that their digital assets remain secure. The company is actively investigating the incident and working closely with the third-party service provider to comprehensively assess the scope of the breach.

Scope of the Incident and User Impact

The security incident primarily affects customers who have interacted with Trezor Support since December 2021. While this represents a fraction of the total user base, up to 66,000 contacts were present in the system during that period. Trezor emphasizes that digital assets have not been compromised, but contact details, limited to email addresses and name/nicknames, may have been accessed.

To address the potential risk, Trezor has proactively reached out to all 66,000 affected users via email, alerting them to the incident’s scope. The company acknowledges the possibility of phishing attacks and urges users to exercise caution.

Immediate Response and Ongoing Investigation

Upon discovering the breach, Trezor took swift action to prevent further unauthorized access. The malicious actor’s access was promptly revoked, and a detailed audit of access and operational logs was conducted. The technical risk was mitigated entirely on January 17th, 2024, at 20:20 CET.

Trezor initiated communication with the third-party provider on the same day to assess the scope of the unauthorized access. While the provider initially assured Trezor that no data exports or emails had occurred, subsequent investigations revealed that 41 users had been directly contacted by the malicious actor. Trezor promptly notified and advised these users.

Despite ongoing communication with the third-party provider, a definitive conclusion regarding the scope of the breach has not yet been reached. Trezor’s security team continues to investigate diligently, pushing for clear and conclusive information to address the matter urgently.

User Funds Remain Safe

Trezor emphasizes that none of its users’ funds have been compromised. The Trezor hardware wallet remains secure, and users are reminded not to enter their recovery seed anywhere other than their Trezor device during recovery.

Trezor reiterates its long-standing policy: it will never ask for recovery seed information via email, customer support, or any other communication method. Users are urged to be cautious and report any communication requesting their seed phrase to the official support channel.

Looking Forward and Enhancing Security Practices

Recognizing the concerns raised by the incident, Trezor apologizes for any inconvenience caused and commits to enhancing its security practices. The company acknowledges the challenges associated with third-party service providers and is evaluating its partnership with the involved vendor.

As users remain vigilant for potential phishing attempts, Trezor assures them that their hardware wallet’s security remains intact. The incident serves as a reminder for users to never share their seed phrase and to be wary of unusual or suspicious contact attempts.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

Follow us on Reddit

You might also like