Hardware wallet manufacturer Ledger reports data breach of 1 million users
Last Updated on 29 July 2020 by CryptoTips.eu
Crypto hardware wallet company Ledger revealed on Wednesday that it had suffered a data breach in its marketing and e-commerce database in June.
The firm said that contact and order information for customers was exposed in the breach, but the payment information and customer funds were not affected. The wallet company further revealed that affected users have been contacted by email.
Data Breach discovered during bounty program
Ledger detailed the process behind the breach with the security outfit first realizing this vulnerability when a researcher participating in its bounty program revealed a potential breach on the company’s website on July 14.
Ledger quickly patched the breach and carried an internal investigation which revealed that the breach had been exploited weeks earlier on June 25, when a third party accessed the marketing and e-commerce database.
Since the attack targeted the marketing and e-commerce database, the party could not access customers private keys and recovery process. In addition, payment information, funds and passwords were not affected by the breach.
Ledger was quick to say that the breach was unrelated with its popular Ledger hardware wallets or Ledger Live security products. The company also noted that the emails of about 1 million users was compromised during this period.
Solely contact and order details were involved. This is mostly the email address of approximately 1mln of our customers. Further to investigation, we have also been able to establish that a subset of them were also exposed: first and last name, postal address phone number and product(s) ordered.
Your crypto assets are safe and are not in peril.
Ledger said.
Legder files report with French authorities following breach
Ledger revealed that the company had filed a report with France’s Data Protection Authority (CNIL) two days after the breach was discovered and had partnered with Orange Cyberdefense (OCD) to evaluate the damage and identify further breaches on its website.
The firm is still keeping an eye out for evidence of the stolen data being sold on the internet, but said it has not found any reason to believe that’s the case thus far. The OCD filed an initial report on July 24, but the investigation by CNIL is still ongoing.
