
A database containing the personal information of Ledger customers has been published on RaidForums, a database sharing site for buying, selling and sharing hacked information. It is alleged the database was obtained from a hack on Ledger’s archives back in June 2020.

The database contains 1,075,382 email addresses and 272,853 hardware wallet orders, with the order information containing the full names, emails, physical addresses and phone numbers of Ledger customers. In July 2020, Ledger claimed that only 9,500 customers’ personal details were exposed during the hack. This leak, however, shows that the extent of the hack was far greater than initially reported.

Ledger confirmed that “early signs” from their research indicated that the database exposed on RaidForums is from the hack that occurred in June 2020.

Cybersecurity site haveibeenpwned.com claimed that 69% of the addresses from the database were already listed on their site, meaning that they had been listed as compromised before the database was published on RaidForums.

Ledger later said in a tweet: “It is a massive understatement to say we sincerely regret this situation. We take privacy extremely seriously. Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation which will make Ledger even more secure”.

Many Twitter users expressed their anger regarding the leak, with several raising concerns over their safety now that their personal information has been exposed, especially their physical addresses: “What’s stopping them from knocking on our doors?” – said one Twitter user.

Ledger warned customers of a potential new wave of phishing attempts now that the data has been made public, urging customers to never share their 24-word recovery phrase:

“MOST IMPORTANTLY: Never share the 24 words of your recovery phrase with anyone, even if they are pretending to be a representative of Ledger. Ledger will never ask you for them. Ledger will never contact you via text messages or phone call.”

Feature image by Crypto Trading Edge from flickr