Malware
Trezor Security Breach: Personal Data of 66,000 Customers Compromised in Latest Cyberattack
Trezor, a popular hardware cryptocurrency wallet provider, has experienced a data breach at its support site, affecting 66,000 customers. Exposed personal data includes names, emails, addresses, and phone numbers. Trezor urges users to enable two-factor authentication (2FA) to prevent unauthorized access and warns of potential phishing attempts.
Imagine waking up one morning to find out that your personal data has been exposed in a security breach. For 66,000 Trezor customers, this nightmare scenario became a reality when their third-party support ticketing portal was breached on January 17.
Trezor, a popular hardware cryptocurrency wallet vendor, has been investigating the incident and fortunately found no evidence that users’ digital assets were compromised. The company announced that users’ funds remain secure. But for those who have interacted with Trezor Support since December 2021, their names or usernames and email addresses may have been exposed to unauthorized parties.
While postal addresses, phone numbers, and other personally identifiable information were stored on the breached system, Trezor doesn’t believe these were impacted. However, there have already been 41 confirmed cases where the exposed data was exploited. Attackers are approaching users and attempting to trick them into giving away their recovery seeds – a string of words that contain all the information required to access a wallet.
How the Attackers Operate
The attackers send an email to Trezor users that masquerades as an “automated reply” from support. They ask users to disclose their 24-word phrase used for setting up their Trezor wallets, claiming that the seed information is needed only for firmware validation and won’t be “accessible by humans.”
If a user were to give away their Trezor seed phrase, the attacker could restore the victim’s wallet on any DIP39-compatible hardware wallet device and perform irreversible cryptocurrency theft.
Staying Safe and Vigilant
Trezor has contacted all potentially affected users, warning them of phishing attacks that try to obtain recovery seeds. The company notes that no cases of successful attacks have been observed. Additionally, the unauthorized access to its support system has been terminated, and the risk from the attack was mitigated on January 17 at 20:20 CET.
If you’re a Trezor user who contacted their support after December 2021, it’s crucial to remain vigilant for potential phishing and scamming attempts. Remember that hardware wallet users must never disclose their seed phrase under any circumstances. This information is confidential and should exclusively remain with you. Wallet providers will never request this type of sensitive data because it’s not necessary for any operational or support-related reasons.
Don’t Become a Victim
Security breaches like this one serve as a stark reminder of the importance of protecting your personal information and being cautious when interacting with online support channels. As a user, it’s up to you to stay informed and take the necessary precautions to keep your digital assets safe.
Remember, we at IT Services are here to help you navigate the complex world of cybersecurity. Don’t hesitate to reach out if you have questions or concerns. Keep coming back to learn more about how you can protect yourself and your valuable digital assets.