Trezor Incident Exposes User Information
Trezor Security Incident Notification
Hardware wallet manufacturer Trezor is investigating a security incident that occurred last week, exposing contact information (email and name) of approximately 66,000 customers who had interacted with the Trezor Support team since December 2021.
🚨Security Alert 🚨
On January 17, 2024, the third-party support ticketing portal we use encountered unauthorized access.
Potentially impacted data are limited to user emails and names/nicknames that contacted our customer support team.
We want to assure you that this does not… pic.twitter.com/hnxBYBlvlO
— Trezor (@Trezor) January 20, 2024
The incident was discovered on January 17th when unauthorized access to the customer support system managed by a third party was detected. At least 41 victims received emails from the attacker, requesting the submission of their 24-word seed phrase. This has raised significant security concerns within the user community.
In a notification to the affected individuals, Trezor assured that assets in the cold wallets remain secure. However, with the hacker having information from 66,000 customers, there is a risk that they may exploit this data for more sophisticated forms of fraud.
Trezor emphasizes the importance of never providing the seed phrase or wallet password to anyone, even if they claim to be a representative of Trezor via email.
This is not the first time Trezor has faced a security incident, as the company has consistently dealt with a series of attacks in recent years. In April 2022, Trezor fell victim to a phishing attack impersonating the company. In another incident, Trezor faced allegations of being susceptible to phishing attacks. More recently, the security firm Unciphered discovered vulnerabilities in Trezor that could potentially be exploited.
Related: Gamma Strategies was Hacked, Affecting Many Other DEXs
Anticipating the Future and Strengthening Security Protocols
In response to the incident, Trezor extends its apologies for any inconvenience caused and pledges to improve its security practices. Recognizing the complexities linked to third-party service providers, the company is reviewing its collaboration with the vendor involved.
While users stay alert to possible phishing threats, Trezor affirms the continued integrity of their hardware wallet’s security. The incident serves as a reminder for users to refrain from sharing their seed phrase and to exercise caution regarding any unusual or suspicious communication attempts.