- Hardware wallet firm, Ledger, was hacked several months ago, with hackers accessing its user database.
- At the time, the company claimed that hackers only affected a small group of the firm’s customers.
- After the data emerged on a hacking forum, it turned out that the leak is much bigger than Ledger admitted.
Ledger, a well-known hardware wallet firm, suffered a major data leak earlier this year. The leaked data quickly emerged on RaidForums, a hacker website, where it became publicly available.
The leak includes more than 1 million email addresses, as well as 270,000 physical addresses and phone numbers of Ledger users.
New Information Regarding the Ledger Hack Emerges
Ledger acknowledged the incident in a recent tweet, noting that it is continuously working with law enforcement to prosecute hackers and stop the scammers. The company also admitted that the leakage was a result of a hack that had its database compromised. However, it also claimed that only 9,500 phone numbers, product purchase details, and postal addresses were stolen by the attackers, when the real number turned out to be quite a bit higher.
Between the original hack (June 2020) and the time the tweet was published, Ledger and the authorities managed to take down over 170 phishing websites.
We are continuously working with law enforcement to prosecute hackers and stop these scammers. We have taken down more than 170 phishing websites since the original breach.
— Ledger (@Ledger) December 20, 2020
The company further addressed the incident by assuring everyone that it takes privacy very seriously, and that it is a massive understatement to say that it sincerely regrets the incident.
The Community is Outraged
Fortunately, no financial information of its customers was leaked. Despite that, the company’s customers are still open to phishing attacks, and many fear that they could be in much greater danger.
One user pointed out that individuals who purchased one of Ledger’s wallets tend to have quite a significant net worth, as far as cryptocurrencies are concerned. As a result, the firm’s customers are now likely to be subject to physical and cyber harassment on a large scale.
Many were quite unforgiving towards the company, calling for others to cut off business with Ledger and set an example for other companies in order to teach them to take users’ physical security seriously.
Indeed, many even threatened to take legal action against the firm.
Once again the incident shows just how dangerous it is to store the majority of information on a single server. Many now fear that the future will bring even more incidents like this due to the Treasury Rule change, which forces even more KYC/AML checks upon the users.