Kataryna Kovtun July 29, 2020
Table of Contents [hide]
- 1 Hackers stole 1 million email addresses from crypto wallet manufacturer Ledger
- 1.0.1 The company urges not to forget about phishing attempts by cybercriminals, and also not to transfer the mnemonic code from the wallet under any pretext.
- 1.1 Slow action leak
- 1.2 Risk group
Hackers stole 1 million email addresses from crypto wallet manufacturer Ledger
Ledger is facing the largest leak in company history. The company expects the leaking of the database on the Internet. Contact details and email addresses leaked, but cryptocurrencies themselves are safe, says Ledger
The company urges not to forget about phishing attempts by cybercriminals, and also not to transfer the mnemonic code from the wallet under any pretext.
The popular manufacturer of hardware crypto wallets Ledger fell victim to an attack by cybercriminals who managed to steal about 1 million email addresses. The company announced this on its official website.
According to the official announcement, on July 14, 2020, an unknown tester of the official Ledger website (www.ledger.com) was able to detect an API flaw that violates data security.
Ledger claims to have fixed the flaw almost immediately, but the company later discovered that on June 25, someone took advantage of the flaw by gaining access to an e-commerce and marketing database.
Slow action leak
The compromised database, according to Ledger, consisted mainly of e-mail addresses, as well as background information in the form of contact details, name, postal addresses, and phone number. Payment information and cryptocurrencies are safe, Ledger points out.
Presumably, the attacker was able to gain access to at least 1 million email addresses, as well as background information of 9,500 Ledger clients.
Concerning your e-commerce data, this data breach did not concern billing information, credentials (passwords). This only affected the contact details of our customers.
The company also claims that it is actively monitoring the possible sale of the stolen database on the Internet, but “has not yet found one.”
This is not the first time that hardware cryptocurrency wallet manufacturers have been at the center of a product tech vulnerability scandal.
In early July, a study by ZenGo revealed a new threat to cryptocurrency wallets, which is associated with double-spending. At-risk were Ledger Live wallets, BRD wallet, and Edge wallet.
However, the cryptocurrency community then said that the problem is not so much with wallets, but with bitcoin itself and the method of distributing assets over the blockchain network.
However, there are times when it is manufacturers who become the primary cause of vulnerabilities.
The research department of the cryptocurrency exchange Kraken Security Labs previously identified a critical vulnerability in a wallet from CoolBitX called CoolWallet S.
Then the experts discovered that the CoolWallet S version of the Android application stores the wallet PIN, pairing password, and a mnemonic phrase in plaintext, allowing an attacker to easily gain access to assets.
We remind all traders that bxmi.io continues to sell BXMI tokens at the lowest price.
Join Bitxmi Exchange and get $10 worth of BXMI token after your first trade