According to Cointelegraph: On January 20, hardware wallet manufacturer Trezor reported a security breach that exposed the contact details of nearly 66,000 users. Unauthorized access to a third-party support portal was discovered on January 17, potentially affecting users who have interacted with Trezor's support team since December 2021.
Although the company isn't able to confirm whether user information was indeed accessed in the incident, it deemed it prudent to inform those potentially affected about the possibility of their exposure to phishing attacks. As such, all 66,000 contacts were emailed with information concerning the incident. Trezor emphasised that no users' funds were compromised in this incident.
Phishing is a type of cybercrime where attackers impersonate trusted entities to acquire sensitive information from individuals. These attacks often aim to steal vital data, such as login details, credit card numbers, or other personal information.
Alarmingly, at least 41 users received direct email messages from the attacker demanding sensitive information about their recovery seeds. Additionally, eight people who created accounts on the same third-party vendor's trial discussion platform had their contact details compromised.
Despite the breach, Trezor asserts that no recovery seed phrases were disclosed during the incident and promptly alerted users who received the malicious emails in under an hour from the incident occurrence. The company maintains that the potential exposure of email addresses might only lead to an increase in phishing attempts. However, no rising trend in phishing activity has been observed as a result of this security incident so far.