Posted 6 months ago | by @devadmin
A leak of the e-commerce and marketing database of Ledger has been confirmed exposing over 1,000,000 email addresses and more than 250,000 physical addresses and phone numbers.
Earlier this year, it was alleged that Ledger was hacked in a note to its clients CEO Pascal Gauthier said the French hardware wallet provider was a victim of a large-scale data breach from an unauthorized third party.
The hacker, whose identity remains unknown, gained access to Ledger’s e-commerce and marketing database. Now, Jameson Lopp a well-known Cypherpunk has confirmed that everyone’s private information was just dumped onto a private hacking forum known as Raidforums. Ledger previously said that its customers affected were those who signed up for Ledger’s newsletter or to receive promotional material from the company.
Leak is legit.
Over 1,000,000 email addresses
Over 250,000 physical addresses and phone numbershttps://t.co/hLoXv3BATk
— Jameson Lopp (@lopp) December 20, 2020
Ledger also stated initially that there were only 9,500 customers who had their full names, postal addresses, and phone numbers exposed. We now know that to be false with over 1,000,000 email addresses and more than 250,000 physical addresses and phone numbers that have been published.
A previous phishing attempt stated to Ledger users that their assets may be compromised, Coindesk reported. Specifically, the phishing email stated, “Our forensics team has found several of the Ledger Live administrative servers to be infected with malware.”
Ledger has said in the past that payment information, passwords, and cryptocurrency funds were not affected by the breach. Thus far, this seems to be the case. However, the wallet addresses aren’t connected to email addresses, phone numbers, or addresses.
Still, having someone’s phone number and email you can do a lot of reconnaissance work to develop a profile on a person to eventually work towards scamming them. For example, there are websites online where you can search an email address and find all the services someone is signed up to, which could be abused to gain access to other non-crypto related accounts, or malware could be sent to an email address that steals a user’s funds.
A text message can also be used similarly to find more information out about a person and then text them. In a hypothetical scenario, an attacker can pretend to be a friend or message about a service that the victim is signed up for, such as tracking a package or sending a notification to name a few ways that information can be abused. It’s also worth mentioning that hackers could attempt to do a SIM-swap hack, intercepting SMS-based two-factor authentication codes for exchanges and crypto services.
While having someone’s physical address is a much different situation. Intruders could potentially break and enter a home in search of a seed phrase or threaten an owner for a seed phrase.
S0 make sure to be safe and watch what emails and text messages that you open up from strangers you don’t know. If you weren’t expecting an email, the chances are that the message is fraudulent and could be maliciously designed to steal your funds.
Bitcoin is currently trading at [FIAT: $23,554.03 ] DOWN -1.3% in the last 24s hours according to Coingecko at the time of this report.