Massive data breaches continue to shake up Ledger, the popular crypto hardware wallet manufacturer. The company reported another massive data breach this week.
Approximately 20,000 new customer records were leaked and exposed. The latter data security breach comes after two major cases in 2020 when in total over 270,000 Ledger users’ data were stolen.
The social networks are now filled with reports on blackmails and threatening messages Ledger users receive from the hackers. Some of them include death and physical threats.
Users blame Ledger on hiding the real scale of data leakage.
Hours ago a Reddit user posted a message claiming his father “received a death threat on his personal email and he bought a Ledger Nano S a few months ago”.
The message from the blackmailer called Darrin Burlew said he has all the critical information on the victim, including the fact of his cryptocurrency holdings. The blackmailer demanded 0.3 Bitcoin or 10 Ether for not sharing this information with the local thieves.
An identical message was sent to another Ledger user, from the fake email address called Denni Hornig.
Dozens of users report the increased number of scam calls and phishing emails after their private data was leaked. This is just one of multiple similar messages on Twitter:
Yes I'm also on the second breach and im already getting multiple scam emails and phone calls every day its now only going to get worse what a nightmare— Paul T (@paultaylor59_) January 13, 2021
According to a blog post from Rain, the exchange is now the first Middle Eastern cryptocurrency company to earn a regulatory license. Rain obtained the Crypto-Asset Module (CRA) license from CBB after completing the bank’s two-year regulatory sandbox program.
Ledger blamed on hiding the information
Despite the flood of scam messages, the data breach victims express disappointment on Ledger’s corporate politics. The users blame Ledger for the lack of transparency and hiding the true scale of data leaked back in 2020.
The most shameful part of the @Ledger data breach is that the company already knew there was a massive data breach incident back in July but only until that data set was published openly in Dec then admitted the case— Dovey “Rug The Fiat” Wan🪐🦖 (@DoveyWan) January 13, 2021
In between there is NO warning and NO remedy, nothing
The Ledger users also threaten a legal action against the company. According to the number of tweets and Reddit announcements, the users might be onto preparing a class-action lawsuit against the company.
On the flipside
- The security breach has caused many crypto users to distrust Ledger.
- There is no data yet of the data breach affecting the security of Ledger hardware wallets themselves.
Ledger hacks in 2020
Ledger suffered the first major data breach in June 2020. The attackers hacked into Ledger’s marketing database, as the company stated then. Over 1 million customer email addresses and other identifying information was stolen.
The company identified 9,500 customers’ data to be exposed and affected. However, the real number emerged to be much higher as in December 2020 the full contents of the stolen databases were made publicly available.
On December 23, 2020 the e-commerce service provider, Shopify, informed Ledger about an “incident involving merchant data in which a rogue member(s) of their support team obtained customer transactional records, including Ledger’s.”
Now over 292,000 customer data were exposed, including email, phone number, name, postal address, the company says.
Ledger strengthens data security
Following the data leak, Ledger reported changes in a way it will handle its customers’ data.
The company said it is going to move users’ data to an off-line database right after fulfilling an order via its e-commerce partners.
It also will be deleting private data such as names, phone numbers and addresses from the confirmation letters Ledger is sending their customers through their e-commerce partners.
Ledger continues working with law enforcement as well as private investigators on these data breaches.