June 15, 2021

Ledger user database is now publicly available

Users of Ledger hardware wallets should prepare for a new wave of attacks: a database containing their data has been made public. Security researcher Alon Gal drew attention to this.

The data breach occurred in the middle of this year. The manufacturer then stated that an unknown person connected to its systems using an API key and stole the data of about a million users, primarily their email addresses. In certain cases, the cybercriminals also obtained customers' real names, postal addresses, phone numbers and ordered products. Payment information and cryptocurrency assets were not affected, the company said.

Gal shared a screenshot of a post from a hacker forum.

“The first confirmed price for this database was 5 BTC,” the author writes. “Someone bought it from another guy on one of the forums. You can get it for free today.”

There are two text files attached to the message: one contains the email addresses of 1,075,382 subscribers to the Ledger mailing list, and the other contains the details of 272,853 orders with full details including emails, addresses and phone numbers.


“The leak poses a major risk to the people affected!” writes Gal. “Ledger users tend to hold large amounts of cryptocurrencies. They will now face harassment on the internet and in the real world on a scale they have never experienced before.”

Other forum participants expressed dissatisfaction with the actions of the author of the post, noting that the Ledger user database was previously sold for six figures. The Block analyst Larry Cermak says that the consequences of the leak can be much more serious than it initially seemed, since in half of the cases verified, the data in the database turned out to be correct.

Users report that after the posting they have already begun to receive phishing emails, which notify them that the wallet has allegedly been disabled and that, in order to resume access, they must identify themselves using the specified link. Some also claim that the company assured them that they were not affected by the leak, but now they find their data in a public database.

Ledger commented on what is happening:

“We are continuing to investigate, but early signs indicate that this may indeed be a database leaked in June 2020. To say that we are extremely sorry for this situation is to say nothing. Since July, we've taken every possible step to make the Ledger more reliable in the future. Never share the 24 words of your recovery phrase with anyone, even if they claim to be Ledger representatives. Ledger will never ask you for this and will not contact you via text messages or calls.”