- The security incident occurred on January 17, 2024, Trezor said in a blog post published on January 20.
- Included is the third-party support ticketing portal used by Trezor.
- Contact details including names and email addresses for up to 66,000 users were compromised.
Hardware wallet Trezor presentation A security breach in a third-party support portal may have exposed up to 66,000 users. The incident investigation and audit revealed that potentially exposed contact information was limited to email addresses and usernames/nicknames.
“On 17 January 2024 at 20:20 CET, we identified unauthorized access to a third-party support portal we use. This breach occurred at the level of a third-party service provider we currently work with.“Trezor said.
The breach could expose 66,000 contacts who interacted with the hardware wallet maker’s customer support to potential phishing attacks since December 2021.
“Although unconfirmed, we feel it is our responsibility to inform affected users of the potential exposure of their contact information and the risk of a phishing attack.” Trezor added about the incident.
According to Trezor, 41 users received emails requesting recovery seeds. However, user wallets were not compromised.
A screenshot of one of the emails sent to the user. Source: Treasure
Trezor also contacted eight individuals who had created accounts on Trezor’s trial discussion platform. This particular platform was hosted by a compromised third-party vendor.