Ledger 1 Mln Users Data Under Attack

bbc.reporter

legendary

Activity: 3010

Merit: 1460

Quote from: Lucius on August 04, 2020, 04:05:54 AM

Quote from: bbc.reporter on August 03, 2020, 08:22:54 PM

@Lucius. Agreed! However, the telephone directory has also enough available information to do similar types of attacks and it has been publicly available for more than 50 years but it has never been considered a cause for attacks.

And again I ask you what does the telephone directory have to do with the fact that in this particular case it is about people who bought a hardware wallet? Is there any information in the telephone directory or has there ever been information that someone bought gold, an expensive watch, a valuable piece of art perhaps?

It is really not clear to me that you are drawing a parallel between the telephone directory (which is a public database) and data that should be secret for quite logical reasons. I don't want a public directory with my information stating that I own a hardware wallet or have a safe in my apartment.

How would criminals know that their ledger wallets hold coins amounted to more than the price of the hardware wallet? Do you assume that there certainly will be a massive increase of serious crimes on those ledger owners?

I reckon the information given on where they live would give more details on their financial status, similar to the telephone directory.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: bbc.reporter on August 03, 2020, 08:22:54 PM

@Lucius. Agreed! However, the telephone directory has also enough available information to do similar types of attacks and it has been publicly available for more than 50 years but it has never been considered a cause for attacks.

And again I ask you what does the telephone directory have to do with the fact that in this particular case it is about people who bought a hardware wallet? Is there any information in the telephone directory or has there ever been information that someone bought gold, an expensive watch, a valuable piece of art perhaps?

It is really not clear to me that you are drawing a parallel between the telephone directory (which is a public database) and data that should be secret for quite logical reasons. I don't want a public directory with my information stating that I own a hardware wallet or have a safe in my apartment.

muratsink

sr. member

Activity: 1330

Merit: 256

Will be most safety place to save our assets under billow? how primitive people save their assets under billow and keep safety for long term, with higher technology always have way how to get our assets risk save on digital wallet currency, maybe save on exchange wallet is most priority when getting good exchange.

bbc.reporter

legendary

Activity: 3010

Merit: 1460

@Lucius. Agreed! However, the telephone directory has also enough available information to do similar types of attacks and it has been publicly available for more than 50 years but it has never been considered a cause for attacks.

The bitcoin news media is creating much clickbaits about this news. There were similar hacks of this type on Coinbase, Bitmex and many other exchanges also that never caused mass increase in serious crimes.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: squatter on August 02, 2020, 05:56:16 PM

I'm also concerned about things like possibly insecure RNG for key generation and bugs at the software or firmware level. More than anything else, I'm worried about supply chain attacks.

The ideal for long term storage is a method that leverages open source software, general purpose hardware, and a source of entropy than can be verified.

I may once have believed that hardware wallets are impenetrable if used in accordance with all the rules, but over time I increasingly doubt that this is the case. Technology is advancing unstoppably, but not only for the manufacturers of such devices, but also for those who are trying in all possible ways to break their protection. Attack vectors that require physical contact with the device worry me less than some possible remote attacks that could in some way seriously compromise the security of the hardware wallets. Therefore, it is only right to always doubt everything and try to minimize the risk.

Quote from: bbc.reporter on August 02, 2020, 11:13:22 PM

Are you telling everyone that breaking into home crimes on Ledger users will increase because of this hack? I reckon it might not be. They might have many Nigerian scam in their inbox, however hehehe.

I think I was pretty clear about that, but you're obviously going in the wrong direction all the time. 9500 Ledger customers are potentially compromised because their data has been stolen (not just email, but full/last name, physical address, mobile phone number). This opens up opportunities not only for physical attacks, but also for various other methods of social engineering that includes not only e-mail spam/phishing, but also all other methods that can be performed via a mobile number or physical address.

By the way, I don't think there's anything funny here - but if it entertains you, enjoy it.

Shasha80

sr. member

Activity: 1876

Merit: 318

Ledger companies should be more aware of the security of data users, if not quickly repaired their business reputation will be crucial.
Because for users personal data is everything, fortunately the Ledger can fix this problem quickly. This is also a lesson for all of us,
Ledger who has a reputation for a good security system can be hacked, therefore we must always be vigilant and activate all security
systems that we have.

bbc.reporter

legendary

Activity: 3010

Merit: 1460

Quote from: Lucius on August 01, 2020, 05:31:34 AM

Quote from: bbc.reporter on July 31, 2020, 09:33:22 PM

However, the argument was that the public information available about everyone never prompted on someone breaking into a person's house similar to the hacked information from Ledger will not cause criminals breaking into those people's homes.

Is the telephone directory a danger to society?

You cannot compare publicly available data with the fact that someone stole data (name, surname, address, phone number) of 9500 people who are crypto users and who bought a hardware wallet. These people are indeed in potential danger of physical assault, but of course no one will just go and break into someone's house or apartment if there is no information that that person has a significant amount in crypto. Stolen data can be the basis for analysis and social engineering towards these users.

Criminals break into homes for much less value than finding out someone has 1+ BTC worth over $10k, and it's not clear to me that you can even draw parallels between the phone book and the data stolen from Ledger.

Are you telling everyone that breaking into home crimes on Ledger users will increase because of this hack? I reckon it might not be. They might have many Nigerian scam in their inbox, however hehehe.

Velkro

legendary

Activity: 2296

Merit: 1014

Quote from: bitcoinst on July 29, 2020, 10:52:56 AM

A third-party attacker accessed the segments of e-commerce and promotional databases holding the email addresses of customers.
Additionally, 9,500 users were exposed to a leak of order details: name, street address, phone number and the details of what they ordered.

That is insanely dangerous.
If someone buying ledger or other crypto-wallet he have serious amount of money to hold there.
These people on that list are in danger now, bigger or lesser, will happen or not, but ledger should know better security of its clients data is crucial in their business.

squatter

legendary

Activity: 1666

Merit: 1196

STOP SNITCHIN'

Quote from: Lucius on August 02, 2020, 05:23:44 AM

Hardware wallets are also exposed to various threats such as fake versions of wallets (fake Ledger Live) or phishing (fake Trezor sites), and clipboard malware. But this is not a weakness of the device but of each individual user who uses it.

I'm also concerned about things like possibly insecure RNG for key generation and bugs at the software or firmware level. More than anything else, I'm worried about supply chain attacks.

The ideal for long term storage is a method that leverages open source software, general purpose hardware, and a source of entropy than can be verified.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: TopExchanger on August 01, 2020, 11:13:03 PM

Are hardware wallets still the safest ones? Hackers got an access to users' info like emails and etc, but the funds weren't stolen. Now I don't know if I should buy Ledger wallet.

Nothing is completely safe, but only to some extent safer than something that serves the same purpose. We can generally say that a hardware wallet is something that should (and in most cases is) much more secure than an online/desktop/mobile crypto wallet, but that doesn't mean you can completely relax and live in the belief that no one can do anything to your coins.

Hardware wallets are also exposed to various threats such as fake versions of wallets (fake Ledger Live) or phishing (fake Trezor sites), and clipboard malware. But this is not a weakness of the device but of each individual user who uses it.

There is no documented case (as far as I know) that someone managed to literally hack a hardware wallet (remotely), which does not mean that hackers may not find a way to do so in the future. Hacking a Ledger database does not have a direct impact on the security of the device itself - but it can have undesirable consequences on the privacy of users whose data has been stolen.

cutesgirl

sr. member

Activity: 938

Merit: 251

We confused which one most safety wallet for saving our assets, from exchange wallet always got scam and now ledger wallet look have the same problem. Almost wallet kinds will have little chance to make us lost our assets and better saving if offline wallet or online wallet, but always check every day and keep secure with internet access.

sukbir

member

Activity: 122

Merit: 13

🏆Bitcoin is king of Cryptocurrency World.

Quote from: TopExchanger on August 01, 2020, 11:13:03 PM

Are hardware wallets still the safest ones? Hackers got an access to users' info like emails and etc, but the funds weren't stolen. Now I don't know if I should buy Ledger wallet.

Yes Mate, Ledger device is still safe to use, if you want to buy go for it..only customer detail was leaked.

TopExchanger

newbie

Activity: 23

Merit: 0

I'am Exchanging With The Best Rate

Are hardware wallets still the safest ones? Hackers got an access to users' info like emails and etc, but the funds weren't stolen. Now I don't know if I should buy Ledger wallet.

AakZaki

legendary

Activity: 2338

Merit: 1084

zknodes.org

Quote from: HardFacts on July 29, 2020, 01:03:14 PM

Do not worry !!! Your BitCoins are absolutely safe, nothing to see here Grin

Yes, they know EXACTLY what the hackers got, and are being TOTALLY HONEST about it Cheesy

Everyone can sleep well and not worry, they will take good care of you !!!

Hard Facts

But this hack is also related to privacy issues that are owned by customers who buy ledger devices. hackers will use data owned by ledger customers to commit other crimes. Even though they are not the private key, the ledger user or the customer who bought the ledger will also be a centralized victim who will be targeted for several ways to get the private key such as phishing methods via email and other methods. There will be many investment offers and the like that will go to customer emails that are successfully hacked, and the offer will contain phishing, malware and other sites that try to steal data on the user's device. Must stay alert.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: bbc.reporter on July 31, 2020, 09:33:22 PM

However, the argument was that the public information available about everyone never prompted on someone breaking into a person's house similar to the hacked information from Ledger will not cause criminals breaking into those people's homes.

Is the telephone directory a danger to society?

You cannot compare publicly available data with the fact that someone stole data (name, surname, address, phone number) of 9500 people who are crypto users and who bought a hardware wallet. These people are indeed in potential danger of physical assault, but of course no one will just go and break into someone's house or apartment if there is no information that that person has a significant amount in crypto. Stolen data can be the basis for analysis and social engineering towards these users.

Criminals break into homes for much less value than finding out someone has 1+ BTC worth over $10k, and it's not clear to me that you can even draw parallels between the phone book and the data stolen from Ledger.

michellee

hero member

Activity: 2604

Merit: 816

🐺Spinarium.com🐺 - iGaming casino

Quote from: TrevorS on July 31, 2020, 08:44:03 AM

Quote from: rexxarofmoknathal on July 31, 2020, 08:04:59 AM

I guess that's the problem with these hardware wallet providers. They're so focused on keeping their hardware wallets and custody solutions safe, that they forget that hackers often target other types of data—including customer personal info.

I highly doubt any of it will be used to successfully scam anyone. After all, Ledger has just sent out an email explaining the situation. Though I wouldn't be surprised if the attacker tries to send out a phishing email under the guise of Ledger to scam victims. The fact they haven't done this already indicates they didn't intend to use the data for nefarious purposes.

Hackers are not idiots. They perfectly understand that everyone is now expecting an attack. They can wait a year, two, three. And then carry out a planned attack on users whose data is leaked, or with their help to gain access to something else. Users must be prepared for everyone throughout their future lives. After all, knowing the necessary information, you can prepare a very sophisticated attack that even the most critical will believe in.

The hackers will find a way to penetrate the source to get inside, and they will try and not give up until they can get what they want. Maybe it will need days to find that way, but they will not stop it before they succeed in getting the data. The easy of the way will be by sending the phishing email to the victims, and if people are not careful to read the email, they will get scam easily. The hardware wallet providers need to upgrade or check their security because it's related to the customer data.

bbc.reporter

legendary

Activity: 3010

Merit: 1460

Quote from: travwill on July 31, 2020, 05:02:15 AM

Quote from: Lucius on July 31, 2020, 04:35:59 AM

Quote from: bbc.reporter on July 30, 2020, 09:19:29 PM

There is also another form of an old, public information source where criminals can take your name, address and phone no. and it is readily available.
This is a telephone directory. It never caused anyone to break into houses hehehe.

This is not a good comparison, the phone book can contain the name, surname and address and of course the phone number - but it will certainly not contain information that someone is a crypto user or that person has bought a hardware wallet. But the very title of this topic is very wrong, because the attack is long over, the data has been stolen and the damage has been done. Those whose names and physical addresses are compromised in this hack are definitely a cause for concern - of course if the data falls into the wrong hands - others can only fear spam in their email box.

I agree that the comparison is incorrect. The phone book is somewhat anonymous, because you need to know something about a person in order to find him and know what he possesses.
For example, you can find media personalities, but they are not difficult to find anyway. The rest of the people will be dark horses for you.
This is the same as breaking into every house in the hope of finding something very valuable.

However, the argument was that the public information available about everyone never prompted on someone breaking into a person's house similar to the hacked information from Ledger will not cause criminals breaking into those people's homes.

Is the telephone directory a danger to society?

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: thesmallgod on July 31, 2020, 05:17:00 AM

people say that because it is safer than many other alternatives. private keys of their customers have not stored on their e-commerce wallet just detail information of the customers which I do not see how the hacker with such information can hack into such customers' hardware wallets except contact tracing and direct robbery.
Those that ordered for the hardware wallets will be subject of many spams and phishing emails from the hackers just to see if they can steal some bitcoin from them

Yeah, hardware wallet is better than something like an online wallet, but like I said - it's not perfect. It's a tradeoff between some little bit of trust and ease of use with decent security. But making your own cold storage isn't hard, and most people should have access to some old PCs or laptops, everyone is doing upgrades every few years.

Quote from: Ucy on July 31, 2020, 06:16:32 AM

What do you think about using very secure old mobile phones that can easily be updated with special/custom operating system designed specifically for storing important private data of crypto-based assets? I guess you'll have to somehow restrict internet usage on such devices ...or maybe make them automatically super-secure before connecting to the internet?

I trust Tails or other Linux distributions more than "super secure mobile OSs". And Internet connection is a problem, you can never be sure if your phone is truly disconnected or not.

TrevorS

sr. member

Activity: 1050

Merit: 377

Quote from: rexxarofmoknathal on July 31, 2020, 08:04:59 AM

I guess that's the problem with these hardware wallet providers. They're so focused on keeping their hardware wallets and custody solutions safe, that they forget that hackers often target other types of data—including customer personal info.

I highly doubt any of it will be used to successfully scam anyone. After all, Ledger has just sent out an email explaining the situation. Though I wouldn't be surprised if the attacker tries to send out a phishing email under the guise of Ledger to scam victims. The fact they haven't done this already indicates they didn't intend to use the data for nefarious purposes.

Hackers are not idiots. They perfectly understand that everyone is now expecting an attack. They can wait a year, two, three. And then carry out a planned attack on users whose data is leaked, or with their help to gain access to something else. Users must be prepared for everyone throughout their future lives. After all, knowing the necessary information, you can prepare a very sophisticated attack that even the most critical will believe in.

rexxarofmoknathal

sr. member

Activity: 980

Merit: 260

I guess that's the problem with these hardware wallet providers. They're so focused on keeping their hardware wallets and custody solutions safe, that they forget that hackers often target other types of data—including customer personal info.

I highly doubt any of it will be used to successfully scam anyone. After all, Ledger has just sent out an email explaining the situation. Though I wouldn't be surprised if the attacker tries to send out a phishing email under the guise of Ledger to scam victims. The fact they haven't done this already indicates they didn't intend to use the data for nefarious purposes.

Topic: Ledger 1 Mln Users Data Under Attack (Read 714 times)