Ledger’s database with 270k physical addresses, 1M emails leaked on Raidforms - OhNo WTF Crypto

Breaking News

Ledger’s database with 270k physical addresses, 1M emails leaked on Raidforms

#crypto #bitcoin

A database from hardware wallet company Ledger was leaked earlier today. The leaked data, which consists of over 270,000 physical addresses and phone numbers along with a million email addresses, was made publicly available on hacker website Raidforms.

According to reports, the data in question was stolen during a hack of Ledger’s e-commerce database back in June.

While Ledger acknowledged that its database had been compromised as a result of this hack, the company claimed that only 9,500 phone numbers, postal addresses, and details of product purchases were exposed. Despite these claims, however, many speculate that the actual volume of leaked data is considerably higher than what Ledger seems to be claiming.

The company said,

“It is a massive understatement to say we sincerely regret this situation. We take privacy extremely seriously.”

Reportedly, Ledger is working with law enforcement agencies to prosecute these hackers, with over 170 phishing websites taken down since the original data breach.

Although no financial information was leaked, users were concerned that this publicly availably leaked data posed a greater threat than just phishing attacks. As one user stated,

“Individuals who purchased a Ledger tend to have a high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments on a larger scale than experienced before.”

Another called the company out on Twitter, calling the leak unforgivable and stating,

“Cut off business with them, only way companies in this space are gonna learn to take our physical security seriously.”

In fact, the community outrage was so significant that some even threatened legal action.

The aforementioned episode highlights the dangers of storing information on a single server, one that is susceptible to hacks. According to some speculations, the new proposed Treasury Rule change that forces more KYC/AML upon users will only create more vulnerabilities for cyber-attackers to take advantage of.


via https://www.ohnocrypto.com

Samyuktha Sriram, @KhareemSudlow