January 22, 2024 at 09:21AM
Trezor issued a security alert following a data breach on January 17, revealing that unauthorized access to their support ticketing portal led to potential exposure of user information. However, no evidence has been found of compromised digital assets. Users are urged to be vigilant against phishing attacks and never disclose their seed phrase.
From the meeting notes, here are the key takeaways:
– Trezor experienced a data breach on January 17 due to unauthorized access to their third-party support ticketing portal.
– The breach led to the exposure of names, usernames, and email addresses of about 66,000 users who interacted with Trezor Support since December 2021.
– There is no evidence of compromise to users’ digital assets, but 41 cases of data exploitation have been confirmed.
– Attackers have been phishing users by pretending to be Trezor support and requesting the 24-word seed phrase used for setting up wallets, which could lead to irreversible cryptocurrency theft.
– Trezor has reached out to potentially affected users and advised vigilance against phishing and scam attempts.
– The unauthorized access to the support system has been terminated, and the risk from the attack was mitigated on January 17 at 20:20 CET.
– It is emphasized that users should never disclose their seed phrase to anyone, as this information is confidential and should remain exclusively with the user.
These takeaways should be communicated to relevant stakeholders for their awareness and action as necessary.