Skip to main content

Crypto wallet data breach compromises hundreds of thousands of users

(Image credit: Shutterstock / REDPIXEL.PL)

Email addresses belonging to hundreds of thousands of users of a cryptocurrency wallet have been leaked online. It is an embarrassing development for Ledger, a hardware wallet manufacturer, who suffered a data breach back in June.

It appears that an unknown threat actor has managed to acquire email addresses of 1,075,382 individuals that subscribe to the Ledger newsletter, in addition to the names and addresses of 272,853 people that have purchased a Ledger device. Both sets of information were subsequently posted online, being shared freely on Raidforums.

At the time of the June data breach, Ledger posted that it worked quickly to patch the relevant security flaw and had notified all affected customers.

From breach to leak

We are actively monitoring for evidence of the database being sold on the internet, and have found none thus far,” Ledger explained in June. “We also performed an internal penetration testing and we are pushing forward the external penetration testing that was originally planned for September.”

Now it appears that the cyberattacker in possession of the hacked information was simply biding his or her time and has now shared the ill-gotten information online. Already, Ledger customers have begun notifying the company that they have been receiving a number of phishing emails.

In addition to digital harassment in the form of unwanted emails, Ledger customers may now find themselves at a greater physical security risk due to the nature of the Ledger wallet. As these are physical wallets, and generally owned by high-net-worth individuals, the appearance of names and addresses online represents a huge privacy invasion. The 24-word recovery phrase and optional secret passphrase used to access the Ledger wallet is now of even greater importance for individuals affected by the latest leak.

Via Bleeping Computer