Just recently, the hardware wallet manufacturer Ledger has been dealing with a lot of criticism for the e-commerce customer data leak that took place last June. The data contained the emails of a million Ledger wallet customers, and thousands of clients had additional information leaked like phone numbers and residential addresses. Reports now detail that the hackers have dumped the Ledger leak data on the sharing marketplace Raidforums for free.
Hackers Dump Ledger Wallet E-Commerce Customer Data on Raidforums
One of the most topical conversations in the cryptocurrency space in the last 24 hours has been the notorious Ledger wallet e-commerce customer data leak. According to the hardware wallet manufacturer’s own testimony, the e-commerce marketing database was breached on June 25, 2020. They found out the database was exploited after a researcher tipped the company off on July 14, 2020, and they initiated an internal investigation.
“Contact and order details were involved. This is mostly the email address of our customers, approximately 1M addresses,” Ledger wrote at the time of discovery. “Further to investigating the situation we have also been able to establish that, for a subset of 9,500 customers were also exposed, such as first and last name, postal address, phone number or ordered products.”
Last week, news.Bitcoin.com reported on the Ledger leak situation, as it has come back to haunt the company. A great number of people said they had received phishing emails and some individuals have reportedly lost funds. Additionally, a number of Ledger customers that had their phone numbers leaked have been detailing that malicious text messages have been sent to their phones. Making matters far worse, reports on December 20, 2020, indicate that the hackers have decided to dump all the info for free on the Raidforums marketplace.
1% of the Ledger customers from the recent leak went to the trouble of protecting their home address with a PO Box or private mailbox.
— Jameson Lopp (@lopp) December 20, 2020
A number of cryptocurrency proponents have been reporting on the data dump on social media and there’s also a Pastebin file going around with the dump as well. “A hacker is dumping the full Ledger database dump for free on Raidforums,” tweeted one individual. “Emails, phone numbers, and addresses. Get ready for a huge spam and phishing wave,” he added. According to the Raidsforums post, identity info for 272,000 Ledger owners were included with the 1 million email addresses.
The cofounder and CTO of Hudson Rock otherwise known as “Under the Breach” also reported on the data dump.
“ALERT: Threat actor just dumped Ledger’s database which has been circling around for the past few months,” he tweeted. “The database contains information such as Emails, Physical Addresses, Phone numbers, and more information on 272,000 Ledger buyers and Emails of 1,000,000 additional users. This leak holds [a] major risk to the people affected by it.”
The security expert added:
Individuals who purchased a Ledger tend to have a high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments on a larger scale than experienced before. Other forum members are not appreciating the leaker taking away their potential 6 figure sales for this database.
Ledger Responds, Regrets the Situation
Ledger’s official Twitter account also discussed the data dump on Sunday. “Today we were alerted to the dump of the contents of a Ledger customer database on Raidforums,” the company tweeted. “We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June 2020.”
The hardware wallet manufacturing company also added:
It is a massive understatement to say we sincerely regret this situation. We take privacy extremely seriously. Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation which will make Ledger even more secure.
Ledger says that since July the firm has done “everything possible to make Ledger stronger for the future” and also hired a new Chief Information Security Officer (CISO). The company says that it is “further hardening” its systems and have thoroughly reviewed their data policy. “We executed penetration tests and forensic analysis with external security firms to test these and find any additional vulnerabilities on our e-commerce systems,” Ledger added on Sunday.
What do you think about the Ledger e-commerce database being leaked on Raidforums? Let us know what you think about this subject