Trezor has released 66,000 users affected by phishing attacks
According to a January 20 announcement, hardware wallet Trezor has identified a security breach that exposed the contact information of nearly 66,000 users.
Trezor identified unauthorized access to a third-party support portal on January 17. Users who interacted with Trezor's support team starting in December 2021 may have had their data accessed by the vulnerability, the company said.
Trezor said, “Although it is not confirmed, we consider it our responsibility to notify our affected users of the possibility of their addresses being exposed and phishing attacks.” The company said it emailed all 66,000 addresses to notify them of the action.
“We would like to stress that none of our users' funds were harmed in this incident. Your Trezor device is as secure today as it was yesterday.”
At least 41 users received direct email messages from the attacker asking for sensitive information about their recovery seed. In addition, eight people who created accounts on the same third-party provider's test chat platform had their contact details compromised.
Phishing is a form of cybercrime where attackers impersonate a trusted entity to obtain sensitive information from individuals. Phishing is often used to steal sensitive information such as login credentials, credit card numbers, or other personal information.
According to Trezor, no recovery seed phrases have been released as a result of the crash. The company also said it notified users who received an email within an hour of the incident.
“Exposing email addresses can be harmful as the emails are vulnerable to phishing attempts. So far, we have not seen any increase in phishing activity as a result of this security issue.”
Trezor is a popular manufacturer of cryptocurrency hardware wallets that primarily provide cold storage for digital assets. However, the company has faced many security problems over the years.
In March, it warned users about a phishing attack aimed at stealing investors' money by asking them to enter the wallet recovery phrase on a fake Trezor website. In another case, fraudsters selling fake Trezor hardware were able to gain control of a user's private keys.
Magazine: Which gaming association has positioned itself best for the bull market?
