The names, mailing addresses, and phone numbers for 272,000 customers of cryptocurrency wallet company Ledger have been released online by hackers. The hackers gained access to the information when they penetrated Ledger's databases in July this year. According to reports, the stolen information has been posted at Raidforums, a site for sharing hacked databases.
- The personal details and contact information for 272,000 customers of crypto wallet company Ledger have been leaked online by hackers.
- Hackers gained access to the information during a June intrusion into the company's e-commerce and marketing databases.
- Ledger says that customer funds and assets are not affected.
"… this data breach has no link nor impact on our hardware wallets, the app or your funds. Your crypto assets are safe. While very truly and sincerely regrettable, this breach concerns only e-commerce related information," the company stated in a post on its site.
"We're still investigating this ongoing issue, but the dumped content may be Ledger's e-commerce database that was exposed during the data breach in June 2020. This database may be used by scammers for phishing attacks through emailing and text message campaigns. Our Customer Support team has been working to notify our users via Twitter and responding to questions while also reporting all tweets and Reddit posts that contain a link to the database," a spokesperson for the company told online publication Gizmodo.
France-based Ledger disclosed in July this year that it had discovered a breach of its e-commerce and marketing databases resulting in theft of customer email addresses. Hackers are supposed to have used that information to conduct a phishing scam by sending out fraudulent order confirmation and marketing emails to the company's customers. At the time of the July hack, Ledger said that 1 million email addresses along with personal details and contact information for 9,500 of its customers had been compromised. It also said that the breach has not affected its hardware wallets or Ledger Live, its app for managing wallet services.
In a tweetstorm, Ledger has stated that it was "working with law enforcement to prosecute the hackers stop these scammers. We have taken down more than 170 phishing websites since the breach."
According to crypto publication Decrypt, the Ledger database hackers are now threatening to physically rob private keys, which are required to access crypto funds, unless they are paid a ransom by the online wallet company's customers. Ledger CEO Pascal Gauthier seems to have worked out the economics of such an occurrence and told the publication that the emails are an "online scam."
"To actually move to someone's home is a very costly event," Gauthier said, adding that hackers will optimize their operations by spending as little as possible for a ransom. But he counseled wallet holders not to store their private keys at home. "Would you keep a million dollar in cash at home? If you have that much wealth, you shouldn't keep it in your house," he said.