Crypto wallet data breach compromises hundreds of thousands of users

(Image credit: Shutterstock / REDPIXEL.PL)

Email addresses belonging to hundreds of thousands of users of a cryptocurrency wallet have been leaked online. It is an embarrassing development for Ledger, a hardware wallet manufacturer, who suffered a data breach back in June.

It appears that an unknown threat actor has managed to acquire email addresses of 1,075,382 individuals that subscribe to the Ledger newsletter, in addition to the names and addresses of 272,853 people that have purchased a Ledger device. Both sets of information were subsequently posted online, being shared freely on Raidforums.

At the time of the June data breach, Ledger posted that it worked quickly to patch the relevant security flaw and had notified all affected customers.

From breach to leak

We are actively monitoring for evidence of the database being sold on the internet, and have found none thus far,” Ledger explained in June. “We also performed an internal penetration testing and we are pushing forward the external penetration testing that was originally planned for September.”

Now it appears that the cyberattacker in possession of the hacked information was simply biding his or her time and has now shared the ill-gotten information online. Already, Ledger customers have begun notifying the company that they have been receiving a number of phishing emails.

In addition to digital harassment in the form of unwanted emails, Ledger customers may now find themselves at a greater physical security risk due to the nature of the Ledger wallet. As these are physical wallets, and generally owned by high-net-worth individuals, the appearance of names and addresses online represents a huge privacy invasion. The 24-word recovery phrase and optional secret passphrase used to access the Ledger wallet is now of even greater importance for individuals affected by the latest leak.

Via Bleeping Computer

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.