- A hacker who stole customer information from Ledger dumps them online.
- The wallet maker has promised to tackle the situation, but customers are tired of promises.
Top crypto wallet manufacturer Ledger could face a class-action suit as users fear that their personal information might get leaked.
Over the weekend, Gal Alan, a researcher at network security firm Hudson Rock, confirmed that a hacker who broke into Ledger’s systems earlier this year has begun dumping the stolen information online.
Ledger’s Users are Acutely Vulnerable
As Alan’s tweet revealed, the hackers managed to get their hands on 1,075,382 Email addresses from customers who had subscribed to Ledger’s newsletter service.
They also stole 272,853 hardware wallet orders that contained information like physical addresses, phone numbers, and Email addresses. The data was published on RaidForms, a marketplace for exchanging stolen information.
Explaining the hack’s implications, Alan pointed out that most people who use Ledger tend to have vast amounts in crypto holdings.
With their details out, they can be subjected to large-scale physical and online harassment.
Information gotten from attacks like these can be used for several purposes. Hackers could decide to sell the data to companies, use them in phishing attacks, or engage in identity theft. The hack in question might not have threatened users’ funds, but the possible aftermaths very well could.
Affected users tired of the talk
In its response, Ledger posited that the information dump was related to a data breach in June. Ledger only acknowledged the hack a month later, explaining in a blog post that a researcher participating in its bounty program had notified it of the potential vulnerability.
While they managed to fix the problem, additional investigations found that an unauthorized third party had made similar actions in June.
The hacker reportedly used an API key to access Ledger’s e-commerce and marketing database, which the firm used to send promotional Emails. Ledger confirmed that the breach affected the Emails of almost a million users.
It added that details such as first and last names, phone numbers, and postal addresses for about 9,500 customers were also exposed.
Following the news of the hack, several Ledger users complained of being targets in several phishing campaigns. Some added that they had gotten convincing Emails asking them to download updates to their wallet applications. The wallet manufacturer explained:
Subscribe to our daily newsletter!
No spam, no lies, only insights. You can unsubscribe at any time.
We are continuously working with law enforcement to prosecute hackers and stop these scammers. We have taken down more than 170 phishing websites since the original breach.
Users soon got antsy and began threatening legal action. While Ledger can strengthen its security protocols, the damage appears done. Users’ data has been leaked, and there’s every chance that some might fall for expertly-crafted phishing scams.
