A data breach happened in July 2020 on Ledger, where the personal information of more than 270000 customers was leaked. Yesterday, a hacker released the data on RaidForums.
A news article on Theblockcrypto a database on Ledger containing the personal information of more than 270000 customers, was released on RaidForums. RaidForums is a forum where marketers can share details of hacked data for buyers and sellers.
The Block reviewed the database and found out that the information of the clients, including physical address, phone number, as well as email was present. This is after a leak that occurred in July 2020, where the emails of more than 1 million Ledger consumers were out in the open.
Jameson Lopp Cypherpunk · Co-founder & CTO, @CasaHODL & @BTC Times Editor, and @INXLimited Advisor had this to tweet on the leak.
Leak is legit.
Over 1,000,000 email addresses
Over 250,000 physical addresses and phone numbershttps://t.co/hLoXv3BATk
— Jameson Lopp (@lopp) December 20, 2020
Ledger had accepted in the month of July 2020 that they had a leak where the details of more than 9,500 customers had their information compromised. The company said that they anticipate more details of clients may have been leaked in July.
A news post on Hackread too claimed the same thing. They checked the logs of a third-party app where it showed that details of 9500 clients were impacted. Ledger has already taken security measures to see that these incidents do not keep occurring.
The early signs in the hacking technique highlight the data taken from the attack in July. The company also said that they regret this situation, causing massive inconvenience to their customers, and they would do everything to avoid situations like the same.
Readers may want to note that the data compromise was known only after a bug bounty reported the instance to the company. The company took evasive action immediately. Sadly, they saw the hack occur again on the 25th of July 2020, where it further surged.
Clients who are using Ledger may want to remain cautious of the use and avoid using emails or phone numbers that are sent from hackers. They are most likely sent from hackers who want to steal your information, so avoid clicking or responding to the phone number or email.