I use the email that I bought a trezor with on other websites, but after reading the forum my suspicions were confirmed.
I’ve never gotten any phishing emails specifically for trezor before, then after I purchase it, suddenly I’m getting phishing emails. I purchased it from your website. This is absolutely ridiculous. How do I know that this doesn’t go further up the chain? How am I expected to trust that it’s just your database of emails that was compromised? You need to be transparent and WARN PEOPLE about this. I think we all need to report you for failing to comply with GDPR laws.
That isn’t being transparent. That’s an attempt to slow down a large volume of posts like this. Reporting the website that it comes from is pointless as they’re using compromised SMTP servers. I should have been sent a notice that my data was compromised in compliance with GDPR laws. Are they even aware that they’ve had another data leak?
No leak has been confirmed yet, that is why we could not send any other message than informing we are looking into the recent phishing campaign, hopefully it is understandable.
you have any details about that? is the smtp server allowing to send emails under trezor’s name (possibly even with DKIM) without authentication from anyone or what’s going on?
you dont need your own SMTP server compromised for that, an attacker could use ANY SMTP server, if trezor’s SMTP server was actually compromised they could send from the trezor domain