A hacker is dumping the customer database of cryptocurrency hardware wallet maker Ledger for free on the database-sharing forum and marketplace Raidforums.
In a post on the forum, a user going by the name Burgulema111 told community members that the hardware wallet maker’s database had been uploaded for free.
“Today I have uploaded the Ledger.com Database for you to download for free, thanks for reading and enjoy!”
According to the post, the data breach happened back in July, after a website vulnerability allowed the hacker to gain access to the wallet maker’s customer details. The database was sold for 5 BTC at the time on one of the forums.
The leak consists of two .TXT files: one with more than 1 million email addresses subscribed to the newsletter, and one with 272,853 orders with full customer details (email addresses, postal addresses, and phone numbers).
Ledger addresses database dump
Ledger responded to the claims that a database containing customer details had leaked. While the company was still confirming the contents of the dump, it acknowledged that “early signs tell us that this indeed could be the contents of our e-commerce database from June 2020.”
Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.
— Ledger (@Ledger) December 20, 2020
Ledger was already aware of the breach, which took place in July. The company claims to have alerted the relevant authorities and affected users, and to have taken steps to counter downstream attacks.
At the time, the company announced on its website that its e-commerce and marketing database had been breached, exposing approximately 1 million email addresses along with customer details including email address, first and last name, phone number, postal address, and the product purchased.
The hacker gained access to the database through a misconfigured third-party API on Ledger’s website. No customer funds were compromised: the attacker did not obtain users’ private keys or recovery phrases, which the e-commerce database never held, since they exist only on the user’s device.
To prevent a recurrence, the company said it strengthened its security systems, reviewed its data policy, and hired a new Chief Information Security Officer (CISO).
What to expect
Ledger claims to have “taken down more than 170 phishing websites since the original breach.” However, that is not where the risk ends.
With the database now public and easily accessible to hackers and other malicious actors, phishing attacks targeting Ledger’s customers are expected to rise.
Among the phishing scams Ledger users need to watch out for are messages claiming that new Know-Your-Customer (KYC) rules apply. Ledger is only a wallet provider, not an exchange, and does not perform KYC.
Other phishing attempts claim that a user’s Ledger wallet has been deactivated and ask for the recovery phrase or private keys “for KYC purposes”. No legitimate Ledger communication ever asks for a recovery phrase or private key.
Others claim that a breach has occurred and, under the pretext of securing funds, lead users to download a fake version of the Ledger Live app.
For now, it is up to Ledger’s customers to guard against falling victim to these phishing attacks.
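As an added illustration of the lures described above (this is example code written for this page, not Ledger’s own tooling), the Python script below triages a message the way a cautious recipient or mail filter would: it pulls sender and link hostnames out of the text, flags domains that impersonate ledger.com (brand substring, typosquats within a small edit distance, punycode hosts), and matches the lure phrases the scams use. The two sample messages are constructed for the example; the lure regexes, the lookalike heuristics, the crude registrable-domain split, and the verdict rule are my assumptions and would need tuning before real use.

```python
import re

# The only domain the article names as Ledger's own; everything else is foreign.
LEGIT_DOMAINS = {"ledger.com"}
BRAND = "ledger"

# Lure phrases taken from the scams the article describes (assumed regexes, case-insensitive).
LURE_PATTERNS = {
    "kyc": r"\bkyc\b|know[- ]your[- ]customer",
    "deactivated wallet": r"\bdeactivat",
    "asks for recovery phrase / private key": r"recovery phrase|seed phrase|\b24[- ]word|private key",
    "fake breach / fake app": r"\bbreach\b|download .{0,40}ledger live",
}

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """From: Ledger Support <support@ledger-kyc-verify.com>
Subject: Action required: new Know-Your-Customer (KYC) rules

Dear customer, due to new KYC rules your Ledger wallet has been deactivated.
To restore access, confirm your 24-word recovery phrase at
https://ledger-kyc-verify.com/restore within 24 hours.
"""

SAMPLE_LEGIT = """From: Ledger <noreply@ledger.com>
Subject: Your order has shipped

Your order is on its way. Track it at https://shop.ledger.com/orders/12345
"""

# Matches the host part of http(s) URLs (group 1) or of e-mail addresses (group 2).
HOST_RE = re.compile(r"https?://([^\s/?#]+)|[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typosquats such as 'legder' or 'ledgerr'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: the last two labels. Assumption: no multi-part public suffixes (.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_lookalike(host: str) -> bool:
    """True if the host impersonates the brand but is not under a legitimate domain."""
    host = host.lower()
    rd = registrable_domain(host)
    if rd in LEGIT_DOMAINS:
        return False  # real subdomains such as shop.ledger.com pass
    if any(label.startswith("xn--") for label in host.split(".")):
        return True  # punycode/IDN host: treat as suspicious (homoglyph trick)
    sld = rd.split(".")[0]
    if BRAND in sld:
        return True  # e.g. ledger-support.com, myledgerwallet.net
    # Compare each hyphen-separated token and the whole label against the brand.
    tokens = sld.split("-") + [sld]
    return any(levenshtein(t, BRAND) <= 2 for t in tokens if len(t) >= 4)


def extract_hosts(text: str) -> list:
    """Unique hostnames from URLs and e-mail addresses, in order of appearance."""
    hosts = []
    for m in HOST_RE.finditer(text):
        h = (m.group(1) or m.group(2)).lower()
        h = h.split("@")[-1].split(":")[0]  # drop URL userinfo (https://ledger.com@evil/) and port
        if h not in hosts:
            hosts.append(h)
    return hosts


def analyse_message(text: str) -> dict:
    hosts = extract_hosts(text)
    suspicious = [h for h in hosts if is_lookalike(h)]
    lures = [name for name, pat in LURE_PATTERNS.items() if re.search(pat, text, re.I)]
    # Verdict rule (assumption): a lookalike domain is enough on its own; a request for the
    # recovery phrase or private key is phishing regardless of sender, since the vendor never needs it.
    phishing = bool(suspicious) or "asks for recovery phrase / private key" in lures
    return {"hosts": hosts, "suspicious_domains": suspicious, "lures": lures, "phishing": phishing}


if __name__ == "__main__":
    for label, msg in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, analyse_message(msg))
```

The edit-distance threshold of 2 catches transpositions like legder.com but will also flag unrelated six-letter words near the brand, so a deployment would pair it with an allowlist and a real public-suffix list instead of the two-label split. The script only inspects the message body; it deliberately does not trust the From: display name, and it does not replace header checks such as SPF/DKIM/DMARC.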