Contact and personal information of over 270,000 Ledger users were posted online on sharing marketplace Raidsforum for free on December 20, 2020. Individuals whose email addresses and telephone numbers were posted online soon experienced cyber-harassment such as phishing attempts through email and phone calls.
The data leak included over a million email addresses that were subscribed to Ledger’s newsletter as well as 272,853 hardware wallet orders with sensitive information such as physical address and phone numbers.
Hudson Rock Co-founder and Chief Technology Officer Alon Gal mentioned in a series of tweets that this leak puts Ledger users in a risky position.
‘Individuals who purchased a Ledger tend to have a high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments [on] a larger scale than experienced before’, said Gal.
Numerous phishing attacks were soon reported with some users receiving emails telling them to download the latest version of the Ledger software by clicking a compromised link.
Phishing emails are common scams in the crypto world where users receive a believable email with a link that will take them to a page where they can enter their sensitive data such as the seed phrase.
The Ledger marketing database was hacked in July 2020 where 9,500 customers’ data were stolen. The hacker responsible for the previous breach could be the one behind the data dump as early signs reveal that the dumped information contained contents of Ledger’s compromised e-commerce database.
‘We were aware of this data breach, alerted the authorities, our users and have been fighting downstream attacks ever since’, said Ledger in a series of tweets.
The hardware wallet company stated through their Twitter account that they have since improved their security measures by hiring a new Chief Information Security Officer (CISO) and teaming up with security firms to execute penetration tests and forensic analysis. Over 170 phishing websites have been taken down since the attack in July.
However, Ledger users expressed disappointment over the company’s response. There have been cases before where crypto traders such as Singaporean Mark Cheng were kidnapped and held in exchange for their token. Some have threatened to take legal action against the company after the privacy breach.
Be updated with the latest developments and cryptocurrency news here at CryptoShimbun.