- Trezor suffers a security breach on its customer support platform.
- The illicit actor got access to the personal data of 66,000 customers.
- Trezor said all affected customers have been contacted since the exploit.
Hardware wallet provider Trezor on Saturday announced it was investigating a security breach on its third-party support ticketing portal.
Trezor said the breach occurred in the late hours of January 17th.
In its blog post, the firm explained that an illicit actor gained access to some of its customers’ data, in particular the information of customers who have interacted with the Trezor Support page since December 2021. The report places the number of possibly affected customers at up to 66,000.
Trezor said it has already sent an email to all the affected accounts to alert them of the breach. Furthermore, Trezor stated that an internal audit revealed that access to the contact base was limited to email and name/nickname.
Following the exploit, the wallet provider said the illicit actor had contacted around 41 customers asking for sensitive information related to their recovery seeds.
Furthermore, Trezor said an additional eight people who created trial accounts on Trezor’s discussion platform could have been affected too.
The discussion platform is hosted by the same third-party vendor in charge of Trezor Support.
As noted in the post, only customers who have ever interacted with Trezor Support could have their information compromised.
Furthermore, Trezor assured users that none of their funds were compromised through the incident. Additionally, it said the 66,000 affected customers represent a small part of its customer base.
Meanwhile, the company said it was working with the third-party service provider to assess the extent of the breach.
Trezor also implored users to be wary of phishing emails asking for personal information or recovery phrases for their wallet accounts.
Trezor said that, so far, no customer has fallen victim to a compromise or loss of funds. Additionally, it confirmed all the accounts contacted by the illicit actor have been promptly warned.