Crypto wallet data breach compromises hundreds of thousands of users

Bitcoin
(Image credit: Shutterstock / REDPIXEL.PL)

Email addresses belonging to hundreds of thousands of users of a cryptocurrency wallet have been leaked online. It is an embarrassing development for Ledger, a hardware wallet manufacturer, who suffered a data breach back in June.

It appears that an unknown threat actor has managed to acquire email addresses of 1,075,382 individuals that subscribe to the Ledger newsletter, in addition to the names and addresses of 272,853 people that have purchased a Ledger device. Both sets of information were subsequently posted online, being shared freely on Raidforums.

At the time of the June data breach, Ledger posted that it worked quickly to patch the relevant security flaw and had notified all affected customers.

From breach to leak

We are actively monitoring for evidence of the database being sold on the internet, and have found none thus far,” Ledger explained in June. “We also performed an internal penetration testing and we are pushing forward the external penetration testing that was originally planned for September.”

Now it appears that the cyberattacker in possession of the hacked information was simply biding his or her time and has now shared the ill-gotten information online. Already, Ledger customers have begun notifying the company that they have been receiving a number of phishing emails.

In addition to digital harassment in the form of unwanted emails, Ledger customers may now find themselves at a greater physical security risk due to the nature of the Ledger wallet. As these are physical wallets, and generally owned by high-net-worth individuals, the appearance of names and addresses online represents a huge privacy invasion. The 24-word recovery phrase and optional secret passphrase used to access the Ledger wallet is now of even greater importance for individuals affected by the latest leak.

Via Bleeping Computer

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock