Trezor, a crypto hardware wallet maker, recently rubbished all claims that its devices suffered a data breach. The firm called it a hoax and said that no user data was leaked.
What happened during the alleged breach?
A hacker recently claimed to have gained access to personal data of users of three popular hardware wallet providers- Trezor, ledger, and KeepKey by ShapeShift. Cybersecurity firm Under The Breach also noted on Sunday that the hacker had listed some freshly exploited data from the hardware wallets. However, he probably got access to it via an alleged Shopify breach. Now the hacker is selling the details on the internet.
It wrote on Twitter,
“The Ethereum forum hacker is now selling the databases of @Trezor and @Ledger. Both of which obtained from a @Shopify exploit. (suggesting there are many more underground leaks). The hacker also claims he has the full SQL database of famous investing site @BankToTheFuture.”
The screenshots that were shared publicly includes names, phone numbers, emails, and addresses of users of the hardware wallets.
All claims are false
As soon as the reports of the hack started coming out, Trezor quickly informed users that it does not use Shopify for its eshops. Later, on Monday, the company published an official post on Twitter. It said that the data sample from the hacker has been analyzed thoroughly. The firm also confirmed that the data provided by the hacker does not match its own customer records from the e-shop. It wrote,
“We can also assure our Trezor Wallet users, that their data has not been affected.”
It reiterated that its eshop is not connected to Shopify but it is still investigating the situation. The firm said that it routinely purges old customer records to minimize the impact. All customer data is removed from Trezor’s online system after 90 days of placement orders. This helps in securing users against possible breaches of data. It said that the structure and content of the data appear fabricated as it doesn’t match the data structure used by the firm.
Ledger also tweeted about the alleged data breach and said that it checking the validity of these claims.