An alert sent to all users of Hardware Crypto Wallet, Ledger. It has been announced by the company that its marketing database has been breached between June and July of 2020—with this, exposing their users’ personal information.
On July 29, they have made an announcement that is already aware of the said data breach that happened last July 14. This was when a researcher that’s been in participation for their bounty program reached out regarding the vulnerability of their website.
The company happened to resolve the breach immediately with their actions. Further investigation from the company finds out that there’s an authorised third party that made the same steps last June 25, 2020.
The said individual has made use of an API key to access their marketing and e-commerce database to send promotional emails. Ledger also mentioned that the e-mail address owned by 1 million people had been affected. A total of 9,500 customers have other data such as first and last name, address, and phone numbers have been exposed. They were adding also that the API key used has been deactivated to avoid such things happening again.
After the investigation has been conducted, Ledger notified the French Data Protection Authority, CNIL. This is to assure the users of their security. Ledger also added: “Your payment information and crypto funds are safe. Regarding your e-commerce data, no payment information, no credentials (passwords), we’re concerned by this data breach. It solely affected our customers’ contact details.”
They have also claimed to monitor their online marketplaces to gather evidence of their data being sold. But there are no reports of information selling yet. Ledger has also added to be vigilant about phishing attempts and scammers and never to trust anyone with their recovery phrases.