Cryptonews Bitcoin News

Ledger Database Dump: Was My Data Leaked and What To Do Next? (UPDATED)

Bitcoin Hardware wallet Ledger Scam Security Wallet

Journalist

Sead Fadilpašić

Journalist

Sead Fadilpašić

About Author

Sead specializes in writing factual and informative articles to help the public navigate the ever-changing world of crypto. He has extensive experience in the blockchain industry, where he has served...

Author Profile

Last updated:

June 25, 2023

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Following the hackers’ massive dump of customers’ personal information stolen from France-based major hardware wallet manufacturer Ledger, the Cryptoverse has been hard at work providing ways for users to check if they’ve been included in the breach, as well as suggestions on what to do next. They also shared advice to all crypto-buyers on how to potentially make safer crypto purchases. (Updated at 16:14 UTC: updates in bold.)

As is well known by now, a database reportedly containing more than a million email addresses of Ledger users and more than 270,000 physical addresses and phone numbers, was dumped on Raidforums, a website for sharing hacked databases. “We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020,” said Ledger.

As Ledger stated earlier, this leak doesn’t contain passwords, recovery phrases, or payment information (customers’ phrases are not stored in the first place) – which further underlines the warning not to share the 24-word recovery phrase with absolutely anybody, even if they say they are Ledger.

“Since we discovered the data breach in June 2020, we worked with an external security organization to conduct a forensic review. The review confirmed that only 9,500 individuals were impacted, all of whom were personally contacted by Ledger Support. Since the phishing attacks started to occur, we anticipated more information could have leaked and continued to notify all users via Twitter and email,” a Ledger spokesperson told Cryptonews.com.

Later, in an email to its clients, the company confirmed that:

“The database publicly released yesterday shows that a larger subset of detailed information has been leaked, approximately 272,000 detailed information such as postal address, last name, first name and telephone number of our customers. These details are not available in the logs that we were able to analyze.”

“If you are part of the detailed personal information subset, you will receive a specific email notifying you within the next 24 hours (check your spam box),” they said, adding that they have taken down more than 170 phishing websites since the original breach.

Also, they have set up a webpage sharing the anatomy of phishing attacks so users can avoid falling for them and report any new attacks: https://www.ledger.com/phishing-campaigns-status.

There are some ways you can check if your information was leaked. Cybersecurity site haveibeenpwned.com, recommended by Ledger itself, said it had already listed 69% of the addresses since the original leak, and many commenters, such as Casa‘s Chief Technology Officer Jameson Lopp and Ethereum (ETH) core developer Hudson Jameson recommended checking if you’re a part of the database leak there.

What now?

“If your data was compromised, make sure you are not using your number for 2FA [two-factor authentication] anywhere. Change to a VoIP [Voice over IP] number, or GA,” advised economist and trader Alex Krüger. Popular crypto trader ‘notsofast’ also suggested using a new phone number and email address, as well as keeping hard copies in a different safe place instead of one’s home (attorney or safety deposit box if you can afford it), and perhaps keeping the old number on an old device and “log any non-whitelisted texts/calls/phishes to that number, as a record in case harassment/abuse escalates (THANKS Ledger 🤬).”

Furthermore, people are warning affected users to take steps to protect themselves against SIM swaps. Others too are arguing for using PO boxes, pseudonyms, burner numbers, and anonymous email accounts for crypto-related purchases in general.

As previously reported, security experts speaking to Cryptonews.com had affirmed that much can be done by the industry and individuals to reduce the scope for breaches, and that the likeliest attacks, such as the Ledger breach, are the ones least likely to steal actual private key or wallet info.

“Although it’s difficult to stay constantly vigilant, investors should scrutinize each instance when they’re asking to provide personally identifiable information that can be tied to their ownership of crypto assets,” said Developer Daniel Ternyak.

Possible escalation of abuse

‘Notsofast’ is far from the only one who believes that the abuse will escalate. The harassment has been on for months already. As reported, scammers have been posing as Ledger via emails and texts in an attempt to trick users into giving them their seed phrases, and occasionally they appear to have succeeded, draining victims’ wallets. The leak’s effect seems to have “spread” to Trezor users as well, as they’ve been a target recently too. Some are saying that they’ve been getting these scam messages every couple of days.

And there are those who think that the abuse may go offline as well. “Is there an option that ledgerhack doesn’t end in torture, robbery, blackmailing or murder?,” asked Bitcoin blogger Christoph Bergmann. Network security firm Hudson Rock‘s Chief Technology Officer Alon Gal tweeted that the leak and the subsequent dump pose a “major risk” to those affected, arguing that those who bought Ledger often hold a lot of crypto in it, “and will now be subject to both cyber harassments as well as physical harassments in a larger scale than experienced before.”

Many commenters are furious, both about the leak and Ledger’s response at the time and now. “Imo this Ledger leak is unforgivable,” said popular crypto researcher Hasu. You simply can’t sell hardware wallets and store the personal information of your customers on an online server.” As there seems to be no end to the problems caused by the original leak, there also seem to be increasingly more and louder voices online calling for a lawsuit against the wallet maker.

On Ledger’s part, they said in their Twitter thread that they had alerted the authorities and the users of the breach, hired a new Chief Information Security Officer and executed penetration tests and forensic analysis with external security firms, among other steps made since July. We asked Ledger for comment.
____