Crypto hardware wallet maker Trezor has squashed the recent claims of their users’ leaked data, calling it a hoax.
A hacker recently claimed to have stolen personal data of the users of three major hardware wallets - Ledger, Trezor, and Shapeshift’s KeepKey.
Under The Breach, a Cybersecurity firm, also pointed out on Sunday that the hacker has listed fresh exploited data from these wallet platforms obtained from an alleged Shopify breach and is selling them on the internet.
The Ethereum forum hacker is now selling the databases of @Trezor and @Ledger.
Both of which obtained from a @Shopify exploit. (suggesting there are many more underground leaks). The hacker also claims he has the full SQL database of famous investing site @BankToTheFuture. pic.twitter.com/4M3f2bQKvB — Under the Breach (@underthebreach) May 24, 2020
Publically shared screenshots include names, addresses, phone numbers, and emails of the hardware wallet users, all of which were for sale.
Making false claims of hack
Though Trezor was quick enough to point out that its eshops does not use Shopify, the company published an official post on Monday, calling the data breach a “hoax”.
“An unknown hacker listed supposedly leaked data of customers from the Trezor e-shop for bidding recently. We have thoroughly analyzed the data sample and we can confirm that it does not match our customer records from the e-shop,” Trezor noted on the official blog post. “We can also assure our Trezor Wallet users, that their data has not been affected.”
There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We've been also routinely purging old customer records from the database to minimize the possible impact.
— Trezor (@Trezor) May 24, 2020
The hardware wallet maker also pointed out that the content and structure of the leaked data does not correspond to the data from the Trezor e-shop and “looks fabricated.”
“The Trezor e-shop collects solely the necessary data needed for the delivery of the product,” Trezor added. “After 90 days of placing your order, we remove all the sensitive data from our online systems. This minimizes the impact of potential breaches.”
Following the claims, Ledger also tweeted informing that the company is also checking the validity of the claims.
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.
— Ledger (@Ledger) May 24, 2020