Leading hardware wallet provider Trezor has issued an alert to its users about a potential phishing threat following a security breach reported at a third-party support platform.
The breach reportedly exposed contact details, including names, email addresses, and other sensitive information, of about 66,000 users.
Details About The Breach
Trezor disclosed that several customers were at risk due to the unauthorized system failure. However, the hardware wallet provider assured users that no user funds were impacted due to the breach and that it would thoroughly investigate the incident. In a blog post, the company revealed that details of around 66,000 users who have accessed Trezor support since 2021 could potentially be compromised.
“We are investigating a security incident that occurred on January 17th, 2024. This breach occurred at the level of that third-party service provider we are currently engaged with. We are amidst a thorough investigation into the scope of this incident, along with the third-party service provider. Based on the ongoing investigation of the incident and our communication with the third-party service provider, there is a potential that the contact details of up to 66000 users, customers who have interacted with Trezor Support since December 2021, may have been accessed.”
Following the breach, the attacker contacted 41 users directly via mail and attempted to solicit sensitive information regarding their recovery seeds. Trezor also identified a further eight individuals who may have been compromised after registering accounts on the same platform hosted by the same third-party provider.
“Furthermore, we also believe 8 people who created accounts on our trial discussion platform hosted by the same third-party vendor might have had their contact details compromised, too. All 8 people have been directly contacted by our support team and made aware of the incident.”
Risk Of Phishing Scams
Trezor also alerted its users to remain vigilant about potential phishing scams that could arise thanks to the security breach. In phishing attacks, hackers impersonate a trusted entity and attempt to extract sensitive information from unsuspecting users. Such attacks are often used to steal valuable user data, passwords, seed phrases, and credit card details.
“However, given the breach of contact details, there remains a heightened risk of phishing attacks aimed at obtaining the affected users’ recovery seed.”
In 2023, phishing attacks targeting wallets led to nearly $300 million in losses to users.
Trezor To Investigate Incident
Trezor has also assured users it would investigate the incident. It added that it had reviewed all interactions and initiated contact with affected individuals. The company is also actively working to ascertain the full extent of the exploit, including identifying vulnerabilities exposed during the incident. Trezor also stated it had successfully prevented the disclosure of recovery seed phrases and assured users that no funds had been compromised during the incident.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.