Ledger User Database Dumped Online, Targeted Phishing Attacks Expected

A user on crypto twitter going by the handle ‘Jimmy McShill’ [@JimmyMcShill] posted screenshots of files that have been uploaded to forums purportedly contacting the ‘full database’ of Ledger customer’s emails, phone numbers, and addresses;

Ledger responded stating that they believe the data is from a previous breach and not a new attack;

“Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.”

Is Ledger Safe?

If Ledger fails to keep personal information safe, can they really be trusted with digital assets? It is still unclear whether this is a new attack or the dumping of contents from the first attack which occurred in June 2020. At the time, it resulted in the exposure of as many as a million customer email addresses.

Following the breach, Ledger users were targeted by scammers and phishing attacks, some of which attempted to lure users into downloading fake Ledger software or revealing their key phrases. This indicates that the data had already been leaked and this could be a new set of customer information.

The Block’s director of research, Larry Cermak, is of the opinion that this is much worse than the previous data breach as it contains physical addresses;

Unexpected Losses

CryptoPotato spoke to one Ledger victim, an industry researcher, and journalist who requested to remain anonymous. According to the source, the device was accessed remotely and cleared out with several unauthorized transactions resulting in the loss of around $16,000 at the time in late 2019.

“The wallet was secured in a safe with the key phrase in another safe. Neither were broken into or accessed so I was dumbfounded to discover that the thing had been drained of all funds by three transactions I did not make.”

Realizing that there was little chance of recovering the losses, the victim contacted Ledger to try and find out how this could possibly have happened in order to warn others. The firm was unaccommodating, simply sending an apology and not even willing to investigate the fraudulent transactions.

With the leaking of more personal information, Ledger users should start to brace for an incoming maelstrom of attacks that could now start to target them personally.

Dodaj komentarz

Podobne Wpisy