Hacked Ledger Database Dumped on Raidforums Making Way For Phishing Attacks

Crypto Twitter was buzzing after a leak in the database of Ledger’s hardware wallet today, consisting of more than 270,000 physical addresses and phone numbers and a million email addresses, made available on the hacker’s site, Raidforums.

What Was The Nature of Leaked Information?

The data theft was reportedly during a hack into Ledger’s e-commerce database in June. On the plus side, Ledger users can now see first-hand whether their personal information gained exposure during the hack.

The original hack targeted Ledger’s marketing and e-commerce database, meaning only contact and order details are visible. No financial information, recovery phrases, or keys were on display during the attack.

According to the cybersecurity website hasibeenpwned.com, 69% of the dump database addresses were vulnerable since the first hack. However, Ledger reported at that time that 9,500 customers had their personal information compromised.

In a series of tweets, Ledger said it was aware of the database dump and confirmed the leak was real. Additionally, the company said that early indications suggest that this may indeed be the content of their June 2020 e-commerce database. “It is a big understatement that we sincerely regret this situation,” Ledger added.The attacker had access to the e-commerce database using a disabled API key.

Phishing Attacks Expected

Unfortunately, due to the ledger database leak, many users are receiving phishing scam emails. Benoit Pellevoizin, vice president of marketing at Ledger, warned that the phishing attacks are an attempt to trick Ledger customers into giving out their private keys.

Pellevoizin says that primarily via email, phishers can instruct customers to introduce themselves to Ledger to ask for their opening phrase to gain access to coins, something that Ledger would never ask.

In a tweet today, Ledger reiterated that consumers should not share their 24-word recovery phrase with anyone even if they pretend to be a Ledger agent. The company has also created a website where users can report details of a phishing attack.

It is a massive understatement to say we sincerely regret this situation. We take privacy extremely seriously. Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation which will make Ledger even more secure

— Ledger (@Ledger) December 20, 2020

Ledger added that it is very disparaging to say that they sincerely regret this situation. They take confidentiality very seriously and will make the Ledger safer. 

Even though there was no financial information leaked, users are concerned that this publicly available leak is a more significant threat than a phishing attack. One user commented that Ledger users typically have high cryptocurrency assets and will be exposed to more cyber and physical abuse than ever before.

In a statement during the original hack, Ledger said French data protection authority CNIL knew of the breach on July 16 and are looking into the hack.