User on crypto twitter goes by the handle ‘Jimmy McShill’ [@JimmyMcShill] posting screenshots of uploaded files to forums purporting to link to the ‘full database’ of Ledger customer emails, phone numbers and addresses;
⚠️⚠️ Uhh shiit! A hacker is dumping the full @Ledger free database dump on radios! Emails, phone numbers and addresses!
Prepare for a spam wave and massive phishing!#bitcoin #cryptcurrencies #phishing #security pic.twitter.com/XAQQHZ2wkW
– Jimmy McShill (@JimmyMcShill) December 20, 2020
Ledger he responded indicating that they believe the data comes from a previous breach and not a new attack;
“Today we were warned about dumping the content of Ledger’s customer database on Raidforum. We are still confirming, but early indications are that this may well be the inclusion of our e-commerce database from June, 2020. ”
Is Ledger Safe?
If Ledger fails to keep personal information secure, can digital assets really be trusted? It is still unclear whether this is a new attack or the dumping of content from the first attack that occurred in June 2020. At the time it resulted in the exposure of as many as one million customer email addresses.
Following the breach, Ledger users were targeted by scammers and phishing attacks, some of which tried to entice users to download fake Ledger software or reveal their key phrases. This indicates that the data has already been leaked and this could be a new set of customer information.
The Block’s director of research, Larry Cermack, thinks this is far worse than the previous data breach as it includes physical references;
This Ledger leak is much worse than I thought. Did some cross checks with people who have purchased Ledgers and the hit rate is (anecdotally) like 50%. The information includes home addresses as well as telephone numbers.
– Larry Cermak (@lawmaster) December 20, 2020
CryptoPotato he spoke to one Ledger victim, an industry researcher, and a journalist who asked to remain anonymous. According to the source, the device was remotely accessed and cleared with several unauthorized transactions resulting in a loss of approximately $ 16,000 at the time in late 2019.
“The wallet was secured in a safe with the key phrase in another safe. Neither was broken into or accessed so I was amazed to find that the thing was drained of all the funds by three transactions that I did not. “
Realizing that there was little chance of recovering the loss, the victim contacted Ledger to try to find out how this might have happened in order to warn others. The company was uncompromising to say the least, just sending an apology and not even willing to investigate the fraudulent transactions.
As more personal information leaks out, Ledger users should start brushing about a maelstrom of incoming attacks that may now begin to target them personally.
PrimeXBT Special Offer: Use this link to register and enter code CRYPTOPOTATO35 to receive a 35% free bonus on any deposit up to 1 BTC.