Ledger users threaten legal action after hacker dumps personal data

Published at: Dec. 20, 2020

The hacker that breached hardware wallet provider Ledger’s marketing database earlier this year has released personal data for thousands of users, prompting many to threaten the firm with a class-action lawsuit.

According to a tweet from network security firm Hudson Rock's Alon Gal, a hacker allegedly behind the breach of personal data from hardware wallet Ledger in June has made all the information they obtained available online. This reportedly includes 1,075,382 email addresses from users subscribed to the Ledger newsletter, and 272,853 hardware wallet orders with information including email addresses, physical addresses, and phone numbers.

ALERT: Threat actor just dumped @Ledger's database which have been circling around for the past few months.The database contains information such as Emails, Physical Addresses, Phone numbers and more information on 272,000 Ledger buyers and Emails of 1,000,000 additional users. pic.twitter.com/Sv9cQwhuNy

— Alon Gal (Under the Breach) (@UnderTheBreach) December 20, 2020

"This leak holds major risk to the people affected by it," said Gal. "Individuals who purchased a Ledger tend to have high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments in a larger scale than experienced before."

In a response on Twitter, Ledger said "early signs" seemed to confirm that the released information was from the June data breach that compromised the personal data of many of its users. Following news of the hack, many Ledger users reported being targeted through phishing attempts. Some said they received convincing-looking emails asking them to download a new version of the Ledger software.

"We are continuously working with law enforcement to prosecute hackers and stop these scammers," said Ledger. "We have taken down more than 170 phishing websites since the original breach."

After experiencing months of reports on phishing attacks, many users were seemingly unsatisfied with Ledger's response. 

"If any lawyers want to start a class action suit, I’m sure many of us will jump on board," said Twitter user Ryan Olah. "This has just gotten 10,000x worse now."

I’m going to take legal action against you very soon.

— a Friendly Duck. HODL (@DuckHodl) December 20, 2020

Though someone's tokens are most likely not in danger of being siphoned out of Ledger wallets, users could potentially compromise their own funds by falling for such phishing attempts sent to the affected emails or phone numbers. Many have reported that such attacks have been trying to trick them into giving up their seed phrases, prompting Ledger to reiterate:  

"Never share the 24 words of your recovery phrase with anyone, even if they are pretending to be a representative of Ledger. Ledger will never ask you for them. Ledger will never contact you via text messages or phone call."

However, some Ledger users pointed out that phishing attacks are just one possible threat they may face now that their physical addresses are public. People with a large amount of crypto holdings run the risk of being kidnapped and held until they give up their tokens, as was the case with Singaporean entrepreneur Mark Cheng in January. 

"This is a serious breach and I am concerned that people now have our addresses," said Twitter user Paul Smith. "What's stopping them from knocking on our doors? Saying sorry, frankly, isn't enough."

Tags
Related Posts
Ledger Crypto Wallet Claims Purported Vulnerability Is User Experience Flaw
Leading crypto hardware wallet producer Ledger has denied that its product’s transaction management software featured a double-spend vulnerability. According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is — in fact — nothing more than a user experience flaw. He illustrated the nature of its hardware wallet companion software Ledger Live to Cointelegraph: “It’s important to understand that rather than an attack, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever …
Technology / July 6, 2020
Cybersecurity firm uses encrypted hard drive with Bitcoin to test applicants
Researchers wishing to apply to New York-based Red Balloon Security have to complete an unusual technical interview as part of their application process: unlocking a hard drive containing crypto. According to a report from Business Insider, Red Balloon sends the hard drives to certain candidates for cybersecurity research positions at the firm. Anyone who has the “the skills and passion” to crack the encryption would be able to claim 0.1337 Bitcoin (BTC), or roughly $4,800 at the time of publication. Applicants who are able to access the coins are told to purchase a ticket to New York City for the …
Technology / Jan. 18, 2021
Developers could have prevented crypto's 2022 hacks if they took basic security measures
Users losing funds due to malicious activity is hardly unknown on Ethereum. In fact, it is the very reason researchers recently developed a proposal to introduce a type of token that is reversible in the event of a hack or other unsavory behaviors. Specifically, the suggestion would see the creation of an ERC-20R and ERC-721R, which would be modified versions of the standards that govern both regular Ethereum tokens and nonfungible tokens (NFTs). The premise goes like this: this new standard would allow users to make a “freeze request” on recent transactions that would lock those funds until a “decentralized …
Technology / Nov. 13, 2022
Coinbase discloses recent cyberattack targeting employees
Crypto exchange Coinbase experienced a cybersecurity attack targeting its employees on Feb. 5. The attack came through SMS scams and involved impersonations of IT staff, according to a recent report from the company's engineering team. No customers' funds or information were impacted, the firm said. As per the report, on a late Sunday several Coinbase employees received SMS messages requiring them to urgently log in via the link provided to access an important message. Acting in a good faith, one employee followed the exploiter' instructions: "While the majority ignore this unprompted message - one employee, believing that it’s an important …
Technology / Feb. 22, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023