Trezor’s Security Breach Leaves 66K Users Vulnerable
Trezor, a hardware wallet service, has published the list of users who have contacted the support team. The list indicates that around 66K Trezor users have been affected by phishing attacks since December 2021. On this front, Trezor has flagged the firm for a security breach that led to the loss of personal information for its users based in thousands.
The firm posted the update on 20th January 2024. Trezor also identified access to a third-party portal on 17th January 2024. Such that investors who have been corresponding with the support team of Trezor since December 2021 may be exposed to illegal data access as per the company disclosure.
Trezor officials have noted that the data breach incidents are not yet confirmed yet but the platform has disclosed the information in the spirit of honest disclosure. The firm has notified the users that their contact details may have been exposed and can be at risk for phishing attacks.
The firm also noted that it has sent emails to all 66 thousand contacts to inform them about the security breach. The firm assured the users that none of the investor funds were affected and the Trezor devices were secure as much as it was yesterday. On this account, around 41 users have received direct emails from attackers who have requested sensitive information regarding their recovery seeds.
Trezor Users to Receive Phishing Emails
The officials at Trezor have noted that around 8 people who make accounts for third-party discussion forums are also subjected to contact information leaks. Phishing is a type of cyberattack where hackers interact with the target in the guise of trusted firms or individuals as a way to extract sensitive information from individuals.
This type of attack is focused on stealing personal information such as log-in information, credit card details, and other personal details that can lead to financial losses.
As per Trezor, thus far the recovery phrases of its account holders have not been breached. The firm has retained that it has continued to alert users who receive such emails within an hour of the incident.
The firm has sent a notification to the users informing them that phishing email activities have not spiked as a result of the security breach. It is important to note that Trezor is one of the top hardware wallet manufacturing firms.
Hardware Wallet Ledger Warns Investors about ID Tracking Software
Developer Rektbuilder alerted Ledger users regarding an issue with the Ledger Live program. As per his analysis published by Bitcoin.com, the software may be able to track user ID on account of embedding checks while installing the app on mobile devices.
He further stated that it was impossible to disable remote tracking meaning that Ledger is alerted every time a user plugs in their device. The firm is now reportedly working with Rektbuilder to collect feedback.
He further revealed that Ledger Live made 2000 network calls for unnecessary reasons. Furthermore, he has claimed that there is no warranty that the private keys of the users are unreadable on account of the recovery function of the device. About a month ago, Ledger officials reported an isolated hack attempt that resulted in the theft of $484K worth of digital currencies. Ledger informed the users that the attack was on account of a former employee receiving a phishing email.