Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Reactive statement: Trezor e-shop data leakage is a false message

May 2020 by SatoshiLabs

An unknown hacker listed supposedly leaked data of customers from the Trezor e-shop for bidding recently. Trezor got hold of the sample data and, based on the first investigation, there is no Trezor customer data included in the offered database. The whole incident seems like a scam due to the following facts:

- The content and structure of the leaked data does not correspond to the data from the Trezor e-shop and looks more likely to be fabricated
- Trezor has strong protocols on data protection that include anonymization of the e-shop data after a period of 90 days from the purchase. Trezor e-shop is historically and currently not running on the Shopify platform, which is being stated as a source of the leaked data

How does the Trezor anonymization protocol work?

The Trezor e-shop collects only the data needed for delivering the product. This data is shared with trusted partners for logistic purposes only. Anonymization of shipping addresses of orders after 90 days happens automatically after the order has been placed. Trezor anonymizes the data every day by overwriting data of orders older than 90 days with random data such as:
DXQem2mStjIm
w4P0pwAvA
xLeLj7HxrsvqfJKE

"We take data privacy very seriously at SatoshiLabs. By anonymizing the data in our e-shop after 90 days we minimize the impact of such a breach. I would like to assure our customers that their data is being treated as highly sensitive." Slush, CEO of SatoshiLabs




See previous articles

    

See next articles