Hardware wallet provider Trezor disclosed a security breach on January 20, revealing that the contact information of approximately 66,000 users had been exposed. The breach was discovered on January 17 when unauthorized access to a third-party support portal was detected, potentially compromising data of users who had interacted with Trezor’s support team since December 2021.
Despite no confirmation, Trezor informed affected users of the possibility that their contact details were exposed and the risk of a phishing attack. The company emailed all 66,000 customers to notify them of the incident, emphasizing that no user funds were at risk and that Trezor devices remain secure.
At least 41 users received direct phishing emails requesting personal information about their seed phrases. Additionally, eight individuals who created accounts on a trial discussion platform by the same third-party vendor had their contact details compromised.
Phishing, a cybercrime where attackers impersonate a trustworthy entity to obtain personal data, did not result in any seed phrase information being stolen in this incident, according to Trezor. The company also highlighted that it alerted users within an hour of the incident and has not observed an increase in phishing activities as a result of the breach.
Trezor, known for providing cold storage for crypto assets, has faced various security incidents over the years. In March, they warned users of a phishing attack through a fake Trezor website that aimed to steal recovery phrases and assets. In another case, scammers selling counterfeit Trezor hardware managed to take control of a user’s private keys.