Customer data from hardware wallet company Ledger was leaked earlier today. The leaked data, which includes over 270,000 physical addresses and phone numbers plus a million email addresses, was made publicly available on the RaidForums hacker website.
According to reports, the data in question was stolen during a breach of Ledger’s e-commerce database back in June.
ALERT: A threat actor just dumped the @Ledger database that has been circulating for the past few months.
The database contains information such as Emails, Physical Addresses, Phone Numbers and more information on 272,000 Ledger buyers and Emails of 1,000,000 additional users. pic.twitter.com/Sv9cQwhuNy
– Alon Gal (Under the Breach) (@UnderTheBreach) December 20, 2020
While Ledger acknowledged that its database was compromised as a result of this hack, the company claimed that only 9,500 phone numbers, postal addresses, and product purchase details were revealed. Despite these claims, however, many speculate that the actual size of the leaked data is significantly higher than Ledger seems to be claiming.
The company said,
“It is a huge understatement to say that we deeply regret this situation. We take privacy very seriously.”
According to reports, Ledger is working with law enforcement agencies to prosecute these hackers, with over 170 phishing websites removed since the original data breach.
Although no financial information was leaked, consumers were concerned that this publicly available data poses a threat that goes beyond phishing attacks alone. As one user noted,
“Individuals who purchased Ledger tend to have high net worth in cryptocurrencies and will now be subject to cyber as well as physical harassment on a larger scale than has been experienced before.”
Another called the company out on Twitter, calling the leak unforgivable and noting,
“Cutting business with them is the only way companies in this space are going to learn to take our physical safety seriously.”
In fact, the community's anger was so great that some even threatened legal action.
The episode above highlights the dangers of storing information on a single server, one that is vulnerable to hacks. According to some speculation, the newly proposed Treasury rule change that imposes more KYC/AML on consumers will only create more vulnerabilities for cyber attackers to exploit.