Trezor support site breach exposes personal data of 66,000 customers
2024-01-22 14:16

Trezor issued a security alert after identifying a data breach that occurred on January 17 due to unauthorized access to their third-party support ticketing portal.

A subset of 66,000 users who have interacted with Trezor Support since December 2021 may have had their names or usernames and email addresses exposed to an unauthorized party.

Trezor has already confirmed 41 cases where exposed data has been exploited, with the attackers approaching users to trick them into giving away their recovery seeds, a string of words that contains all the information required for gaining access to a wallet.

Specifically, the attackers email Trezor users with a message that seems like an "Automated reply" from support, requesting them to disclose the 24-word phrase they used for setting up their Trezor wallets.

Giving away a Trezor seed phrase would allow the attacker to restore the victim's wallet on any BIP39-compatible hardware wallet device and perform irreversible cryptocurrency theft.

The company says the unauthorized access to its support system has now been terminated and the risk from the attack was mitigated on January 17 at 20:20 CET. If you are a Trezor user who contacted its support after December 2021, be vigilant for potential phishing and scamming attempts.


News URL

https://www.bleepingcomputer.com/news/security/trezor-support-site-breach-exposes-personal-data-of-66-000-customers/