Bitcoin wallet Ledger’s database hacked for 1 million emails

Bitcoin wallet Ledger’s database hacked for 1 million emails

Bitcoin hardware wallet maker Ledger revealed today that its e-commerce database was hacked last month, leaking one million emails and some personal documents. No user funds were affected by the breach.

Ledger said the attack targeted only its marketing and e-commerce database, meaning the hackers were unable to access users’ recovery phrases or private keys. All financial information—such as payment information, passwords, and funds—was similarly unaffected. The breach was unrelated to Ledger’s hardware wallets or its Ledger Live security product, the company added.

We review the Ledger Nano S to see if it deserves to be one of the top ranking crypto hardware wallets.
Ledger has a reputation for making secure hardware wallets to secure Bitcoin and other cryptocurrency. Photo Credit: Decrypt

“Solely contact and order details were involved. This is mostly the email address of approximately 1mln of our customers. Further to the investigation, we have also been able to establish that a subset of them was also exposed: first and last name, postal address phone number, and product(s) ordered,” said Ledger in its announcement.

A researcher participating in Ledger’s bug bounty program flagged the issue initially on July 14. The firm patched the problem at the time, but later discovered the breach had occurred weeks earlier on June 25. The cause: A third-party tool that accessed the marketing and e-commerce database using a (now-disabled) API key.

In a note to clients, Ledger CEO Pascal Gauthier said the firm was “extremely regretful” about the incident. He further cautioned users to be wary of phishing attempts: “We take privacy very seriously, we discovered this vulnerability thanks to our own bug bounty program, we fixed it immediately.”

“But regardless of all that we did to avoid and fix this situation, we sincerely apologize for the inconvenience that this matter may cause you,” added Gauthier.

Meanwhile, Ledger said France’s Data Protection Authority, the CNIL, was notified about the breach on July 16. The firm is also working with the Orange Cyberdefense (OCD) to find any evidence of the stolen data being sold online.

All affected users were notified about the breach today and the investigation is ongoing.

  • Bitcoin
  • Ethereum
  • Litecoin
  • Zcash
Scan to Donate Bitcoin to bc1qcc3xajxvdqjnx2f7j7sfcfun7jagr0nh94fa2e

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x704671D7591d05Dd0790E86Aee964558E9347b07

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Litecoin to ltc1q7tj9ydra9ylkelu42vypp6cu2v0msf5lc2p5mq

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Zcash to t1LiPaQ7gsSL23FbjXswpSoguP6yAE1xj5B

Donate Zcash to this address

Scan the QR code or copy the address below into your wallet to send some Zcash

 154 Interactions,  2 today

Crypto & Finance News