On January 17th, 2024, #trezor experienced a security incident involving unauthorized access to their third-party support ticketing portal. While investigating, they discovered potential access to contact details, limited to email and name/nickname, of up to 66,000 users who interacted with #TrezorSupport since December 2021. The breach also involved direct contact by a malicious actor with 41 users, seeking sensitive information related to their recovery seeds. Trezor promptly revoked access, initiated an internal audit, and engaged with the third-party provider for a comprehensive investigation.
As a precaution, Trezor proactively notified all 66,000 affected users of the incident, emphasizing potential phishing risks. No recovery seed phrases were disclosed, and ongoing communication with the third-party provider aims to confirm the extent of the exposure. Trezor assures users that their funds are secure, reiterates the importance of not sharing recovery seeds, and offers support for any concerns. The incident has led to a reevaluation of their relationship with the third-party vendor to enhance data security measures.
FAQs address concerns about the breach's impact, the nature of exposed data, and guidance on identifying legitimate interactions with Trezor Support. Despite the incident, Trezor emphasizes the continued security of their hardware wallets and expresses regret for any inconvenience caused. Users are urged to remain vigilant against phishing attempts and contact support for any suspicious activity.
