Ledger Hacker Dumps Hardware Wallet Users’ Personal Info on Public Server

Shine Li   Dec 21, 2020 06:52

Ledger, the leading cold wallet providing company, appears to be reaping the consequences of an earlier hack that saw its e-commerce database compromised.

Earlier in June, Ledger’s e-commerce and marketing database was hacked, and as a result, millions of clients’ confidential information secured on the company’s servers were compromised. Confidential information, such as phone numbers, email addresses, and physical addresses were stolen, and it appears that the hacker has now exposed it all on an online data-sharing platform dubbed Raidforum.

The dump that recently occurred has served to anger many Ledger customers, who threaten to pursue the company in a legal class-action lawsuit. Although no cryptocurrencies were reported to be stolen in the process, as the storage was offline, the exposure of such a large-scale database could still pose severe risks to Ledger customers, according to cybersecurity expert Alon Gal. He said that this could potentially trigger cyber and physical harassments and explained:

“This leak holds major risk to the people affected by it! Individuals who purchased a Ledger tend to have a high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments in a larger scale than experienced before.”

Ledger has since apologized for the breach and advised customers against phishing attacks that may potentially occur in the near future. Its team said it was investigating the incident to confirm whether the leaked client information was from the earlier hack in June, but clues seem to point towards the indication that it was.

With the confidential information in its possession, the hacker (or hackers) may potentially impersonate Ledger executives through emails in an attempt to extract cryptocurrency funds. Ledger advised:

“STAY VIGILANT OF ONGOING PHISHING SCAMS! Never share the 24 words of your recovery phrase with anyone, even if they are pretending to be a representative of Ledger. Ledger will never ask you for them. Ledger will never contact you via text messages or phone call." 

Image source: Shutterstock

Ledger and Tezor Dismiss Rumor That Hackers Have Stolen Data from Popular Crypto Wallet Providers

Read More