Published a database, property of Ledger
A database of the company Ledger, which is dedicated to hardware cryptocurrency wallets, was published, on 20th of December, on the Raidforum, following unauthorised access.
The security incident had already been identified on 14th of July thanks to an investigator who contacted through the corporate bounty program, reporting an incorrect configuration of the third party API key for the database in question.
The data affected includes information about 272,000 customers, relating to marketing and e-commerce, including: email address, name, telephone number, postal address and type of product purchased. No financial data was compromised.
The data violation was solved the same day by deactivating the API key and currently, corporate cybersecurity measures have been reinforced. Customers have also been asked to be wary of possible phishing attacks.
References:
- 20/12/2020 twitter.com Ledger’s tweets
- 20/12/2020 ledger.com E-commerce and Marketing data breach - FAQ
- 22/12/2020 ledger.com Ongoing phishing campaigns
- 20/12/2020 es.ambcrypto.com Base de datos de Ledger con 270k direcciones físicas, 1 millón de correos electrónicos filtrados en Raidforms
- 21/12/2020 bleepingcomputer.com Physical addresses of 270K Ledger owners leaked on hacker forum
- 21/12/2020 xataka.com Filtran los datos de usuarios de una empresa de carteras Bitcoin: hay quien dice estar recibiendo amenazas de asalto a casa