Reading time: ~2 m
The Trezor hardware wallet team has reported a leak of customer personal data that occurred on the side of the MailChimp platform, through which the company conducts marketing emails. The attackers used user information in a phishing attack.
We will not be communicating by newsletter until the situation is resolved.
Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity. 2/
– Vault (@Trezor) April 3, 2022
“MailChimp has confirmed that their service has been hacked by an insider targeting crypto companies. We managed to disable the phishing domain. We are trying to determine how many email addresses were affected,” the statement said.
Trezor has stopped marketing mailings until the situation is “resolved”. Users were advised not to open emails supposedly sent on behalf of the company.
What data was compromised is unknown. The phishing mailing was carried out from a third-party domain trezor.us (the official domain is trezor.io). Users were asked to download the “latest” version of the Trezor Suit wallet management app.
Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don’t have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11
– Tomáš Kafka (@ keff85) April 2, 2022
Previously, the attackers uploaded a fake Trezor app to the App Store. Users were robbed of at least $1.6 million in cryptocurrencies.
Recall that in March, the BlockFi crypto-lending platform reported a leak of user data hosted in CRM HubSpot.
#Trezor #team #reported #leak #user #data