Ledger leak: More customers affected than previously known

Around 292,000 Ledger hardware wallet owners are in the unwanted situation of having their private address data made public. Ledger informs: The hack of the internal database was bigger than thought.

In August 2020, hardware wallet manufacturer Ledger had to admit that hackers had stolen customer data. At the time, there was talk of around 1 million email addresses and just under 10,000 records containing names, home addresses and phone numbers. But the incident had in reality much larger dimensions, as Ledger now makes public in a blog post. According to this, a total of 292,000 potentially sensitive data records of Ledger customers fell into the wrong hands.

Embarrassing wealth of data at Ledger

Through internal investigations and external information, Ledger has come to a shocking conclusion. On the one hand, about 272,000 data records of Ledger customers have been in circulation since the leak in the summer of 2020 and now there are an additional 20,000 that were apparently tapped at the cooperation partner Shopify.

It is true that the stolen customer profiles cannot be used to directly hack or manipulate the Nano S and Nano X hardware wallets. However, Ledger and customers report increased phishing attacks. Attackers try to use the personal data to credibly pretend to be a Ledger customer service representative, for example. Anyone who then reveals their recovery phrase as the decisive password must reckon with their hardware wallet being plundered.

Just as critical: Observers fear that there may be attempts to break into the owners of Ledger hardware wallets. Because with the knowledge of the existence of a Ledger hardware wallet plus home address, it is obvious to criminals that loot is stored there. Meanwhile, Ledger offered a reward of 10 Bitcoin (BTC) for information that helps to find the hacker(s).

Further, from now on, Ledger plans to store private customer data for shorter periods than before, increase security precautions, and limit its communications about important updates and security to Ledger Live. Email addresses and social networks will only be used for information about new products and general communications.

Conclusion: Ledger gambles away trust

It remains disconcerting how Ledger is only gradually coming out with the true extent of illegally copied customer data. This could also have an impact on the basis of trust, which is a prerequisite when offering hardware wallets as a digital safe for Bitcoin and Co. If you use a Ledger hardware wallet, then remember: The recovery phrase of 24 words is the decisive key to your Ledger Nano S or Ledger Nano X and must not be passed on under any circumstances.

Best place to buy Bitcoin:

Be the first to comment

Leave a Reply

Your email address will not be published.