In a new announcement on January 20, 2024, popular hardware wallet provider Trezor disclosed a security breach that potentially exposed the contact information of approximately 66,000 users. The incident occurred on January 17, 2024. It involved unauthorized access to the third-party support ticketing portal used by Trezor. The security breach has raised concerns, but Trezor reassures its users that their cryptocurrencies remain safe. The company says it is actively investigating the incident and is working closely with its third-party service provider to thoroughly assess the scope of the breach.
Critical vulnerability in the cryptocurrency platform
The security incident primarily affects customers who have interacted with Trezor Support since December 2021. While this represents a fraction of the total user base, up to 66,000 people were present on the system during this time. Trezor emphasizes that crypto assets were not compromised, but contact information limited to email addresses and names/pseudonyms may have been accessed. To address the potential risk, Trezor proactively reached out to all 66,000 affected users via email, alerting them to the scope of the incident. The company acknowledges the possibility of phishing attacks and urges users to be careful.
Upon discovery of the breach, Trezor took swift action to prevent further unauthorized access. The malicious actor’s access was immediately revoked and a detailed audit of access and operational logs was conducted. Technical risk was completely eliminated on January 17, 2024 at 20:20 CET. Trezor contacted the third-party provider the same day to assess the extent of unauthorized access. While the provider initially assured Trezor that no data transfer or email had occurred, subsequent investigations revealed that 41 users had been directly contacted by the malicious actor. Trezor immediately notified these users and provided them with advice.
User funds are safe
Despite ongoing communication with the third-party provider, no definitive conclusion has yet been reached regarding the extent of the breach. Trezor’s security team continues to investigate diligently, trying to obtain clear and accurate information to address the issue promptly. Trezor emphasizes that none of its users’ funds have been compromised. The Trezor hardware wallet remains secure and users are reminded not to enter recovery seeds anywhere other than their Trezor device during recovery.
Recognizing the concerns raised by the incident, Trezor apologized for any inconvenience caused. It also committed to improving security practices. The Company acknowledges the challenges associated with third-party service providers and is evaluating its partnership with the relevant vendor. While users continue to remain vigilant against possible phishing attempts, Trezor ensures that the security of their hardware wallets remains intact. This incident serves as a reminder for users to never share seed phrases and to be wary of unusual or suspicious communication attempts.
To be informed about the latest developments, follow us Twitter’in, Facebookin and InstagramFollow on . Telegram And YouTube Join our channel.