Data Breach at Crypto Wallet Firm Ledger Exposes User's Personal Info

Published at: July 29, 2020

Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July.

In an email on July 29, the company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a potential vulnerability on their website.

While they were able to fix the breach immediately, a further investigation by the team found that an authorized third party carried out a similar action on June 25. 

The individual used an API key to access the marketing and e-commerce database the company used to send promotional emails. 

According to Ledger, this compromised the email addresses of almost one million people. The firm added that, for a subset of 9,500 customers, details such as first and last name, postal address and phone number were also exposed.

The company claimed the API key used to access the database has since been deactivated.

After investigating the matter in tandem with third parties and confirming the breach, Ledger said it notified the French Data Protection Authority, CNIL. Reassuring their users of their funds’ security, Ledger wrote in a blog post:

“Your payment information and crypto funds are safe […] Regarding your e-commerce data, no payment information, no credentials (passwords), were concerned by this data breach. It solely affected our customers’ contact details.”

The company also said that it is monitoring online marketplaces to find evidence of the stolen data being sold, but has found none so far.

Ledger advised users to be vigilant regarding phishing attempts by malicious scammers and said it would never ask them for their recovery phrases.

Tags
Related Posts
Ledger users threaten legal action after hacker dumps personal data
The hacker that breached hardware wallet provider Ledger’s marketing database earlier this year has released personal data for thousands of users, prompting many to threaten the firm with a class-action lawsuit. According to a tweet from network security firm Hudson Rock's Alon Gal, a hacker allegedly behind the breach of personal data from hardware wallet Ledger in June has made all the information they obtained available online. This reportedly includes 1,075,382 email addresses from users subscribed to the Ledger newsletter, and 272,853 hardware wallet orders with information including email addresses, physical addresses, and phone numbers. ALERT: Threat actor just dumped …
Technology / Dec. 20, 2020
Ledger Crypto Wallet Claims Purported Vulnerability Is User Experience Flaw
Leading crypto hardware wallet producer Ledger has denied that its product’s transaction management software featured a double-spend vulnerability. According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is — in fact — nothing more than a user experience flaw. He illustrated the nature of its hardware wallet companion software Ledger Live to Cointelegraph: “It’s important to understand that rather than an attack, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever …
Technology / July 6, 2020
New Decentralized Cybersecurity Solution Enables Passwordless Logins
Blockchain cybersecurity firm Unbound Tech launched a new login solution meant to enable businesses to go passwordless. According to an announcement on June 17, Unbound Tech’s new identity solution removes the dependence on traditional authentication methods with a decentralized key management system. The system can also be used to access blockchain wallets. The system is meant to replace hardware tokens, software-powered one-time-passwords and standard passwords. According to the firm, the new solution can secure high-risk operations and authenticate transactions without security, usability or cost trade-offs. Unbound Tech CEO and co-founder Yehuda Lindell told Cointelegraph that there is need for such …
Technology / June 18, 2020
A Hacker is Attempting to Sell a Las Vegas Hotel Database for Crypto
The MGM Resort suffered a massive data breach in 2019 that left 142 million hotel guests exposed. A hacker is now selling the stolen database for roughly $2,900. According to the information revealed by ZDNet, a dark web marketplace claims that data from 142,479,937 MGM hotel guests are on sale. Preferred payment is denominated in Bitcoin (BTC) and Monero (XMR). MGM Resorts confirmed the data breach, stating that they’re aware of the scope of this previously reported incident from 2019. No financial data was leaked However, according to the research, the cybercriminal did not leak any sensitive data from the …
Technology / July 14, 2020
Coinbase discloses recent cyberattack targeting employees
Crypto exchange Coinbase experienced a cybersecurity attack targeting its employees on Feb. 5. The attack came through SMS scams and involved impersonations of IT staff, according to a recent report from the company's engineering team. No customers' funds or information were impacted, the firm said. As per the report, on a late Sunday several Coinbase employees received SMS messages requiring them to urgently log in via the link provided to access an important message. Acting in a good faith, one employee followed the exploiter' instructions: "While the majority ignore this unprompted message - one employee, believing that it’s an important …
Technology / Feb. 22, 2023