Ledger was attacked in July 2020, but recent reports now fully reveal the attack that took place in the summer.Ledger, based in France, is the largest cryptocurrency hardware wallet company. According to reports, despite the firm’s reputation, it was unable to secure the database containing the personal data of these customers.

Ledger leak largely disguised

The company discovered a security flaw that gave hackers unauthorized access to a database containing personal contact information of Ledger’s e-commerce customers. Details included e-mail addresses, first and last names, home addresses and phone numbers.

While Ledger first reported the breach in July 2020, the true details of the event were only revealed yesterday, when hackers posted hacked data of hundreds of thousands of people.

Overall, Ledger mistakenly disclosed the phone numbers and home addresses of more than 270,0000 customers. More than one million customers’ e-mail addresses were also leaked from the marketing database.

Ledger previously reported that hackers stole personal data of only 9,500 customers. The data was first published on Raidforums and then spread to other websites such as Intelx and others.

See Also
December 20 Ripple price analysis: What's next for XRP?

Third Party API Issues

Ledger learned of the data breach on July 14 during a bug bounty program. Although the company resolved the problem immediately, it was too late.

Prior to the data breach, Ledger allowed a marketing company (an unknown partner) to access its e-commerce and marketing database via an API.

However, the API was configured incorrectly on Ledger’s website.

“The API key misconfiguration in question has been working since August 9, 2018,” Ledger said. “Based on the information we have, we believe it was discovered and used from April 2020 until June 28, 2020”.

The API key is now disabled and can no longer be accessed.

Phishing Attacks, Personal Threats

Ledger said the data breach did not cause any direct threat to users’ fund security. But experts worry that many customers’ safety is at risk forever.

Alon Gal, Co-Founder and CTO of security firm Hudson Rock, commented:

This leak poses a great risk to the people affected by it. Individuals who buy Ledgers tend to have high net worth in cryptocurrencies and will now be subject to both cyber harassment and physical harassment on a larger scale than before.

LEAVE A REPLY

Please enter your comment!
Please enter your name here