Trezor, a prominent provider of cryptocurrency hardware wallets, has launched an investigation into a recent security incident that occurred on January 17, 2024. This breach resulted in unauthorized access to the company’s support portal and the exposure of contact information belonging to approximately 66,000 users who had interacted with Trezor Support since December 2021.
The compromised information includes users’ names and email addresses. Trezor has assured its user base that its digital assets remain unaffected by this incident.
On January 17, 2024, at 22:20 UTC, Trezor detected an unauthorized intrusion into its support portal. The breach occurred at the third-party support portal level, which Trezor utilizes to assist its customers. The company promptly investigated the extent of this security breach, collaborating closely with its third-party service provider.
In an effort to protect its users and maintain transparency, Trezor has taken immediate action. The company has already notified all users who may have been affected by the breach. Trezor expects all affected users to receive notification emails within 12 hours.
Trezor has emphasized that the security incident did not compromise users’ digital assets. This assurance is vital, as the primary function of Trezor’s hardware wallets is to safeguard cryptocurrency holdings. The breach, while concerning, was limited to the exposure of names and email addresses and did not extend to any digital currencies stored in Trezor wallets.
Trezor’s investigation is ongoing, and the company is actively working to ascertain the full scope of the security incident. This includes identifying the vulnerabilities that were exploited during the breach and understanding the motives behind it. Such investigations are complex and can take time to ensure a thorough understanding of the situation.
During the investigation, it was revealed that the individual responsible for the breach contacted 41 users via email. These users were targeted with requests for sensitive information, specifically their cryptocurrency recovery seeds. Trezor strongly advises all users to exercise extreme caution when receiving unsolicited emails requesting sensitive information. Authentic communication from Trezor will always be conducted through official channels.
Trezor’s commitment to security
Trezor has built a strong reputation for prioritizing the security of its users’ cryptocurrency assets. This incident underscores the ongoing need for vigilance and cybersecurity measures within the cryptocurrency industry.
The company is committed to continually improving its security protocols to prevent future breaches and protect its users’ personal information.
What users should do
In light of this security breach, Trezor recommends that users take the following precautions:
Change Passwords: If you have interacted with Trezor Support since December 2021, consider changing your passwords, especially if you use the same password across multiple accounts.
Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts for an added layer of security.
Beware of Phishing: Be cautious of unsolicited emails or messages requesting sensitive information. Trezor will not ask for your recovery seeds or personal information via email.
Stay Informed: Keep an eye on official Trezor communications for updates on the investigation and any further recommendations.