Trezor discloses phishing attack impacting 66,000 users

10 months ago 58
ARTICLE AD

While no funds have been compromised, Trezor warned users to remain vigilant against potential phishing attempts.

Crypto hardware wallet manufacturer Trezor has disclosed a potential data breach impacting up to 66,000 users who contacted their customer support since December 2021.

🚨Security Alert 🚨

On January 17, 2024, the third-party support ticketing portal we use encountered unauthorized access.

Potentially impacted data are limited to user emails and names/nicknames that contacted our customer support team.

We want to assure you that this does not… pic.twitter.com/hnxBYBlvlO

— Trezor (@Trezor) January 20, 2024

An unauthorized individual accessed Trezor’s third-party customer support ticketing system on January 17, potentially exposing user names/nicknames and email addresses. Trezor claims that this potential breach only occurred “at the level of that third-party service provider” they are currently engaged with.

Trezor stated they have yet to receive definitive confirmation from the third-party vendor regarding the extent of the breach. However, out of caution, Trezor emailed notifications to all 66,000 users with contact information compromised. The disclosure to possibly affected users was released within an hour of the company’s vulnerability notification. Trezor also directly contacted 41 users who received phishing emails from the attacker requesting sensitive recovery seed information.

While no funds have been compromised, Trezor warned users to remain vigilant against potential phishing attempts to steal wallet recovery seeds.

“We want to stress that none of our users’ funds have been compromised through this incident. Your Trezor device remains as secure today, as it was yesterday,” said the company.

Dependency on third-party vendors presents inherent security risks, an issue Trezor said they are addressing in light of this incident. Users are advised to avoid entering recovery seeds outside of the Trezor hardware device and to remain cautious of unsolicited communications requesting sensitive information. Trezor devices themselves remain secure.

Phishing employs social engineering techniques to gain access to sensitive personal data. Attackers carefully study their targets to create authentic-looking messages, often replicating logos and communications from legitimate organizations. 

One recent example is the SEC’s fake tweet on January 9, 2024, which created a false initial confirmation of the spot Bitcoin ETF. The incident was confirmed by X, corroborating claims from SEC Chairman Gary Gensler, who said it resulted from compromised access to the account

Phishing scams use clever technical tricks to seem real. Fake websites copy the look of real ones to fool people. Emails disguise who they are really from. Links and attachments secretly download harmful software. Even vigilant internet users can miss these signs. The combination of social manipulation and technical disguises makes phishing a common online threat. Staying alert protects against getting tricked.

Well-crafted phishing messages urgently request sensitive information or prompt users to click links to fake websites. By manipulating psychological factors like trust, reciprocation, and fear, such attacks exploit unaware victims.

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Read Entire Article