Posts are popping up on the forums that hardware wallet provider Ledger has suffered another data breach, including additional customer information leak.
A crypto user on Twitter with the nickname "Jimmy McShill" [@JimmyMcShill] posted screenshots of the files that were uploaded to the forums, ostensibly with a "complete database" of Ledger customer emails, phone numbers and addresses:
⚠️⚠️ Uhh shiit! A hacker is dumping the full @ledger database dump for free on raidforums! Emails, phone numbers and addresses!
Get ready for a huge spam and phishing wave!#bitcoin #cryptcurrencies #phishing #security pic.twitter.com/XAQQHZ2wkW- Jimmy McShill (@JimmyMcShill) December 20, 2020
In response Ledger statedthat, in their opinion, the data relates to a previous leak and not to a new attack;
“Today we were alerted to a content dump of the Ledger customer database on Raidforum. We are still confirming this, but early indications are telling us that this may indeed be the content of our e-commerce database from June 2020. ”
Is Ledger Safe?
If Ledger can't keep personal information secure, can they be trusted with digital assets? It is still unclear if this is a new attack or a content dump of the first attack that happened in June 2020. At the time, it led to the disclosure of up to a million customer email addresses.
Following the hack, Ledger users were targeted by scams and phishing attacks, some of which attempted to trick users into downloading fake Ledger software or reveal their passphrases. This indicates that the data has already been leaked and it could be a new set of customer information.
Unexpected losses
We spoke with one Ledger victim, an industry researcher and journalist, who wished to remain anonymous. According to the source, access to the device was removed and it was cleared through several unauthorized transactions, resulting in a loss of approximately $ 16000 at the end of 2019.
“The wallet was kept in a safe with a passphrase in another safe. None of them were hacked and there was no access to it, so I was stunned when I found that all the funds from this thing were depleted by three transactions that I did not commit. "
Realizing that there was little chance of a refund, the victim contacted Ledger to try to figure out how this might have happened in order to warn others. The firm did not agree, simply apologized and did not even want to investigate the fraudulent transactions.
Due to the leakage of additional personal information, Ledger users have to be very careful of potential attacks that may now begin to target them personally.
Is your information leaked?
Thereby free service you can easily check if your personal data has been leaked along with the Ledger database by simply entering your email address. The site will also indicate if your email address has been linked to other leaks.