Hacked Ledger data got dumped on Raidforums which is a site that is dedicated to sharing hacked databases as we read more about it in today’s crypto news.
The hacked Ledger data had more than a million Ledger customer emails which were leaked on the hacker site Raidforums. The data was stolen during the June 2020 hack of the hardware wallet producer’s e-commerce database. There was no financial information, keys, or recovery phrases exposed in the attack.
Leak is legit.
Over 1,000,000 email addresses
Over 250,000 physical addresses and phone numbershttps://t.co/hLoXv3BATk— Jameson Lopp (@lopp) December 20, 2020
About a million customer emails that were likely stolen from the hardware wallet producer Ledger were made available to the public on a hacker site today. Ledger said that it was confirming the details of the incident but admitted that the data could have some content of the e-commerce database from June 2020. The leaked data was published on the website including physical addresses, names, and phone numbers of the Ledger customers, and seems to originate from the hack of Ledger’s e-commerce database back in June.
New breach: Ledger had over 1M email addresses breached in June, sold, then dumped publicly today. Data also included names, physical addresses and phone numbers. 69% were already in @haveibeenpwned. Read more: https://t.co/F44bBWzioQ
— Have I Been Pwned (@haveibeenpwned) December 20, 2020
The bull leak reached a million email addresses and over 270,000 physical addresses and phone numbers. According to the cybersecurity site haveibeenpwned.com, it already listed 69% of the addresses in the dumped database as it was compromised from the time of the original hack. In a series of tweets, Ledger noted that it was alerted of the dump and it is still confirming whether the info is genuine. The company added:
“Early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020. This is a massive understatement to say we sincerely regret this situation.”
Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.
— Ledger (@Ledger) December 20, 2020
The original hack targeted the e-commerce database of Ledger which means that the only contact and order details were involved with no recovery phrases, financial information, or keys being exposed on the attack. There were more than 9000 phone numbers, postal addresses, and info on product purchases that were exposed in the hack. The attackers were able to access e-commerce database using an API key.
buy cialis sublingual online herbalshifa.co.uk/wp-content/themes/twentytwentytwo/inc/patterns/en/cialis-sublingual.html no prescription
Ledger Vp of Marketing Benoit Pellevoizin warned that all the leaked data could be used in phishing attacks in an attempt to lure customers into handing over their private keys:
“Basically, with emails, they can target our clients to impersonate Ledger to ask them for their seed phrase to gain access to coins… we never ask that.”
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at editor@dcforecasts.com
Discussion about this post