Crypto Hardware Wallet Company Ledger Suffers Data Breach, 1M Customer Details Exposed
Major cryptocurrency hard wallet company Ledger revealed that the platform suffered a data breach causing customers details to be compromised.
Customer Funds Unaffected By Breach
The company made the announcement via a blog post on Wednesday (July 29, 2020). According to Ledger, the hacker got access to a part of the company’s e-commerce and marketing database via an application programming interface (API) key which is inactive and inaccessible.
Explaining the details of the breach, Ledger stated that the attack was first noticed by a researcher who was part of a bounty program early in July. While it seemed the company had taken care of the problem, it was discovered that an earlier breach occurred on June 25.
Investigations revealed that about one million email addresses belonging to customers were compromised. Furthermore, access to Ledger’s e-commerce and marketing database gave the hacker exposed various users’ details such as names, phone numbers, ordered products, or postal addresses.
However, Ledger assured customers via the blog post that sensitive information such as passwords and payment information was not affected. Also, crypto funds were secure.
Part of the post reads,
“This data breach has no link and no impact whatsoever with our hardware wallets nor Ledger Live security and your crypto assets, which are safe and have never been in peril. You are the only one in control and able to access this information.”
Ledger Working With Authorities to Investigate the Breach
Ledger also stated that a few days after the incident was revealed by the researcher, the company contacted the National Commission on Informatics and Liberty (CNIL), France’s data privacy protection body. On July 21, the company collaborated with the security firm, Orange Crypberdefense, to investigated and identify the scope of the breach.
While customers’ funds are reportedly safe, the firm asked customers to be vigilant about deceptive emails claiming to be from Ledger. A statement from the company to its customers reads:
“We are extremely regretful for this incident. We take privacy very seriously, we discovered this issue thanks to our own bug bounty program, we fixed it immediately. But regardless of all what we did to avoid and fix this situation, we sincerely apologize for the inconvenience that this matter may cause you.”
The company added that it was constantly on the lookout for proof of users’ database traded on the internet. So far, there has been no such activity. Meanwhile, authorities are investigating the incident.
Back in May 2020, BTCManager reported that there was rumored exploitation on databases belonging to Ledger and Trezor. However, both companies denied the incident.