Data dump exposes Ledger users to fraud
French crypto wallet manufacturer Ledger is under fire after sensitive information of 272,000 customers leaked to a hacker forum overnight.
Keep sharp. Names, phone numbers, and physical mailing addresses of Ledger users were found uploaded to RaidForums, which operates as a marketplace for stolen databases.
An additional one million email addresses were also posted online. Sadly, Ledger users are now warned they could soon be targets of fraud and other social engineering attacks.
Old hack, new leak? Crypto wallet owners are considered high-value targets by cybercrims, with some reports claiming the stolen data sold for around $60,000 before it was shared for free.
Ledger first disclosed an attack of this kind back in June, but at the time said just 9,500 customers had been affected.
Phishing for whales. Spear-phishers have been targeting Ledger users since around the time of the company’s first disclosure.
Mostly, fraudsters bait targets into clicking on malicious links shared by SMS or email — the idea being that anyone with a cold wallet simply must be loaded with digital cash ripe for the taking.
What can you do? Not much. If you’ve bought one of Ledger’s devices, we suggest extra caution when opening anything resembling correspondence from Ledger.
Now more than ever, don’t click on suspicious links delivered via email or SMS. Changing your phone number and email address might also be a good idea, and never (ever) give up your seed phrase.
All that’s left is to reconsider how readily we share personal information with companies, whether they’re industry insiders like Ledger or otherwise.
For what it’s worth, Ledger says it’s totally sorry for the snafu, having hired a new chief security officer to restore faith — but the company is surely a long way from regaining the community’s trust, if it’s even possible.