The hacker who broke Ledger’s hardware wallet provider’s marketing database earlier this year has released personal data to thousands of users, prompting many to threaten the company with a class-action lawsuit.
According to a tweet from Alon Gal, a Hudson Rock network security firm, a hacker allegedly behind a personal data breach of a hardware wallet Ledger in June has do all the information they have obtained is available online. This reportedly includes 1,075,382 email addresses from users who have subscribed to the Ledger newsletter, and 272,853 hardware wallet orders with information including email addresses, physical addresses, and phone numbers.
ALERT: The newly dumped threat actor @Ledgera database that has been rotating around for the past few months.
The database contains information such as Emails, Physical Addresses, Phone Numbers and more information about 272,000 Ledger buyers and Emails 1,000,000 additional users. pic.twitter.com/Sv9cQwhuNy
– Alon Gal (Under the Break) (@UnderTheBreach) December 20, 2020
“This spill poses a great risk to the people affected by it,” He said Gal. “Individuals who purchased Ledger tend to have a high net worth in cryptocurrencies and will now be subjected to cyber harassment as well as physical harassment on a larger scale than previously experienced.”
In response on Twitter, Ledger He said “early indications” seemed to confirm that the information released in the aftermath of the June data breach jeopardized the personal data of many of its users. Following news of the hack, many Ledger users indicated that they were being targeted through phishing attempts. Some said they received convincing emails asking them to download a new version of Ledger software.
“We are continually working with law enforcement to prosecute hackers and deter these scammers,” He said Ledger. “We have removed more than 170 phishing sites since the original breach.”
After experiencing months of reports of phishing attacks, many users seemed dissatisfied with Ledger’s response.
“If any lawyers want to start a class action suit, I’m sure many of us will jump aboard the ship,” He said Twitter user Ryan Olah. “This has just got 10,000x worse now.”
I’m going to take legal action against you very soon.
– Friendly Duck. HODL (@DuckHodl) December 20, 2020
While someone’s tokens are not most likely to be at risk of siphoning out of Ledger wallets, consumers could potentially compromise their own funds by falling for such phishing attempts sent to the emails or ‘ r the affected telephone numbers. Many have reported that such attacks have been trying to trick them into giving up their seed phrases, encouraging Ledger to repeat:
“Never share the 24 words of your recovery phrase with anyone, even if they pretend to be a Ledger representative. Ledger will never ask you about them. Ledger will never contact you by text message or a phone call. “
However, some Ledger users pointed out that phishing attacks are one potential threat they may face now that their physical addresses are public. People with large amounts of crypto holdings have the risk of being kidnapped and held until they give up their tickets, as was the case with Singaporean entrepreneur Mark Cheng in January.
“This is a serious cut and I’m worried that people now have our addresses,” He said Twitter user Paul Smith. “What stops them from knocking on our doors? Sorry to tell the truth is not enough.”