Ledger 1 Mln Users Data Under Attack - page 2.

squatter

legendary

Activity: 1666

Merit: 1196

STOP SNITCHIN'

Quote from: wxa7115 on July 30, 2020, 11:40:03 AM

The safest option is by far a paper wallet, if you have a clean OS that is never connected to the Internet and a dumb printer then you could print your wallets with no issue, the problem is that they are very impractical for daily use but you could always have a wallet with some funds for your daily expenses.

PSA: Not all paper wallets are created equally.

Securely generating and writing down a 12 or 24-word seed is a good way to do cold storage. Third party paper wallet software, printers, using raw private keys, etc. -- these are not.

Quote from: wxa7115 on July 30, 2020, 11:40:03 AM

Hardware wallets were supposed to be the best of both worlds, a device that was completely secure and that you could use whenever you want ...

I never thought that was a realistic way to characterize things. To me, hardware wallets always occupied a niche between desktop wallets and cold storage. They come with their own set of security trade-offs and risks. Hardware wallets are useful for new users who would otherwise get their bitcoins stolen, but I think most users who are serious about security are using general purpose hardware to secure their bitcoins -- at least for their long term cold storage.

posi

hero member

Activity: 2268

Merit: 579

Vave.com - Crypto Casino

Quote from: MCobian on July 31, 2020, 05:00:08 AM

There is no need to panic too much about the Ledger users data under attack incident, because indeed all human creation does have weaknesses
and nothing is perfect. Make this incident a lesson, so it does not happen again. Even so I will not stop using Ledger as a Bitcoin and Altcoins
storage wallet that I have, because for me Ledger is still the best crypto wallet.

Concern the incident, I don't see any reason to be panic because the attack was not about Ledger wallet but their online store user information. However, the news need to spread so that all their customers would be more careful cause sooner or later the attackers will use the information they stole to attack ledger customers.

20kevin20

legendary

Activity: 1134

Merit: 1598

Quote from: Ucy on July 31, 2020, 06:16:32 AM

What do you think about using very secure old mobile phones that can easily be updated with special/custom operating system designed specifically for storing important private data of crypto-based assets? I guess you'll have to somehow restrict internet usage on such devices ...or maybe make them automatically super-secure before connecting to the internet?

You could get Replicant, GrapheneOS or deGoogled LineageOS on a compatible older phone and use use that as a hardware wallet for sure, with Orbot active. Restricting internet on smartphones is kinda harder though, as your phone could still receive and send data even if Airplane Mode is active (remember, it's just a graphical button, not a physical hardware disconnection). Now the "super-secure" part is quite difficult to accomplish. With every new software update, new vulnerabilities appear.

But hardware wallets help you avoid most of the possible mistakes you can make with such a phone and you are physically assured there is no external connection that could take place. To be honest, I barely trust even a brand new smartphone anymore since I have my HW. My personal preference is Tails OS in combination with a hardware wallet.

Ucy

sr. member

Activity: 2674

Merit: 403

Compare rates on different exchanges & swap.

Quote from: hatshepsut93 on July 29, 2020, 12:25:20 PM

People have been saying "just buy a hardware wallet" for a long time, but it has always been less than a perfect solution, because some centralization and trust has always been involved, and now it was abused. Now potential burglars and kidnappers have a list of people who own some bitcoins, and something like this will never happen with a software wallet, because it doesn't ask you for your personal information during installation.

IMO and old PC with live OS like Tails is the best cold storage you can get.

What do you think about using very secure old mobile phones that can easily be updated with special/custom operating system designed specifically for storing important private data of crypto-based assets? I guess you'll have to somehow restrict internet usage on such devices ...or maybe make them automatically super-secure before connecting to the internet?

travwill

sr. member

Activity: 1313

Merit: 278

Quote from: MCobian on July 31, 2020, 05:00:08 AM

There is no need to panic too much about the Ledger users data under attack incident, because indeed all human creation does have weaknesses
and nothing is perfect. Make this incident a lesson, so it does not happen again. Even so I will not stop using Ledger as a Bitcoin and Altcoins
storage wallet that I have, because for me Ledger is still the best crypto wallet.

I do not think that we can somehow influence the further occurrence of such incidents. Unless we all join the Ledger bounty program to find bugs and vulnerabilities.
In fact, nothing serious happened. It's unpleasant that someone will know your address and the fact that you have cryptocurrency.
I guess Ledger could make some compensation to those people whose data was leaked. There are not so many of them that the company would incur losses.

thesmallgod

full member

Activity: 1498

Merit: 129

Quote from: hatshepsut93 on July 29, 2020, 12:25:20 PM

People have been saying "just buy a hardware wallet" for a long time, but it has always been less than a perfect solution, because some centralization and trust has always been involved, and now it was abused. Now potential burglars and kidnappers have a list of people who own some bitcoins, and something like this will never happen with a software wallet, because it doesn't ask you for your personal information during installation.

IMO and old PC with live OS like Tails is the best cold storage you can get.

people say that because it is safer than many other alternatives. private keys of their customers have not stored on their e-commerce wallet just detail information of the customers which I do not see how the hacker with such information can hack into such customers' hardware wallets except contact tracing and direct robbery.
Those that ordered for the hardware wallets will be subject of many spams and phishing emails from the hackers just to see if they can steal some bitcoin from them

travwill

sr. member

Activity: 1313

Merit: 278

Quote from: Lucius on July 31, 2020, 04:35:59 AM

Quote from: bbc.reporter on July 30, 2020, 09:19:29 PM

There is also another form of an old, public information source where criminals can take your name, address and phone no. and it is readily available.
This is a telephone directory. It never caused anyone to break into houses hehehe.

This is not a good comparison, the phone book can contain the name, surname and address and of course the phone number - but it will certainly not contain information that someone is a crypto user or that person has bought a hardware wallet. But the very title of this topic is very wrong, because the attack is long over, the data has been stolen and the damage has been done. Those whose names and physical addresses are compromised in this hack are definitely a cause for concern - of course if the data falls into the wrong hands - others can only fear spam in their email box.

I agree that the comparison is incorrect. The phone book is somewhat anonymous, because you need to know something about a person in order to find him and know what he possesses.
For example, you can find media personalities, but they are not difficult to find anyway. The rest of the people will be dark horses for you.
This is the same as breaking into every house in the hope of finding something very valuable.

MCobian

full member

Activity: 1190

Merit: 117

There is no need to panic too much about the Ledger users data under attack incident, because indeed all human creation does have weaknesses
and nothing is perfect. Make this incident a lesson, so it does not happen again. Even so I will not stop using Ledger as a Bitcoin and Altcoins
storage wallet that I have, because for me Ledger is still the best crypto wallet.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: bbc.reporter on July 30, 2020, 09:19:29 PM

There is also another form of an old, public information source where criminals can take your name, address and phone no. and it is readily available.
This is a telephone directory. It never caused anyone to break into houses hehehe.

This is not a good comparison, the phone book can contain the name, surname and address and of course the phone number - but it will certainly not contain information that someone is a crypto user or that person has bought a hardware wallet. But the very title of this topic is very wrong, because the attack is long over, the data has been stolen and the damage has been done. Those whose names and physical addresses are compromised in this hack are definitely a cause for concern - of course if the data falls into the wrong hands - others can only fear spam in their email box.

Debonaire217

sr. member

Activity: 644

Merit: 364

In Code We Trust

I have received an email regarding this, but they already confirmed that my funds are safe. I'm not sure what percentage of assurance they are pertaining to. But I somehow believe that what happened is focused on breach in their marketing and ecommerce database. I didn't use my ledger to buy anything online, so probably, this will not impact me too bad.

Good action for ledger to always update users and fix the issue right away before it cost huge damage. They also advise to visit Ledger Academy security to further increase our knowledge on how to secure our nanos.

cryptomaniac_xxx

hero member

Activity: 1344

Merit: 540

Quote from: Lucius on July 30, 2020, 08:25:31 AM

Quote from: cryptomaniac_xxx on July 30, 2020, 04:26:52 AM

And Trezor trolling, LOL,
[]

There is a saying that it is not nice to look forward to someone else's misfortune, because sooner or later the same thing (or something worse) can happen to you. But those who follow the relationship between the two companies know that business competition has long since become more than that. In any case, a good marketing move.

Yes, a good marketing and PR move from Trezor. Their competition really goes down deep, and it's pretty obvious that they are aiming at it.

Quote from: Wind_FURY on July 31, 2020, 02:06:14 AM

Hahaha! Or another good security practice could also be, to back up e-shop database to an offline database, then purge their e-shop database after less than 90 days.

I think this kind of incident really open up another security practice that they need to change on their end.

Yey09

sr. member

Activity: 632

Merit: 250

http://scientificcoin.com/

Sometimes cold wallets could be even dangerous than software ones

erikoy

full member

Activity: 686

Merit: 125

This is very bad to all expose users data. It can be use in criminal activities of the scammers. There are many of this kind of activity especially in social media like facebook copying details of others and then use it for scamming.

This breach likely has its purpose and there is so many wa it can be use. Hopefully that it can't affect innocent users on their criminal activities or even scamming the user through block mailing and other forms. And also that the responsible for hacking will get caught.

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: cryptomaniac_xxx on July 30, 2020, 04:26:52 AM

And Trezor trolling, LOL,

https://twitter.com/Trezor/status/1288463431750885383

Hahaha! Or another good security practice could also be, to back up e-shop database to an offline database, then purge their e-shop database after less than 90 days.

mace15

hero member

Activity: 1428

Merit: 506

Quote from: The Cryptovator on July 30, 2020, 12:21:30 PM

I have noticed this story from the email notification yesterday. It was quite surprising to me from such as a reputed crypto wallet company. Because crypto users use the Ledger wallet to keep their fund safe and protect their privacy as well. So if they can't keep safe user's privacy then it's really regrettable for us. But the good thing is they disclosed the issue in front of their users instead of hiding or misled. So the user could determine what they should do like change credential. But not expected it from Ledger.

I have also received an email the other day that they are having trouble about ledger wallet that data is under attack. This is the first time I have also heard that a reputable wallet experience this kind of problem. Though I’m also using this wallet for long and I haven't encountered any problem during these times of storing my crypto asset in this wallet. So let's always watch out the news from ledger as this has also many users will be affected.

Yaunfitda

hero member

Activity: 2870

Merit: 594

I remember @mk4 post here, Ledger(and Trezor) hardware wallet owners: heads up | EDIT: (debunked). And as per update, they say that they are not hacked and that this rumour is not true. But I think this is the the same breach reported in May. Not very good for Ledger image here, sad to say. They should have admit it right away and not they are looking very shady because of this move.

bbc.reporter

legendary

Activity: 3122

Merit: 1492

Quote from: philipma1957 on July 29, 2020, 07:42:03 PM

Quote from: pixie85 on July 29, 2020, 07:10:48 PM

Quote from: Bitstarzisascam on July 29, 2020, 05:54:09 PM

Now we're going to hear news that people getting robbed and threatened to hand their ledger and the keys. Sad

You think that someone will break into your house and attack you because they know you bought a ledger? Most of ledger users have more valuable stuff in their houses than on their wallets. How are you going to know if:

The buyer bought it for themselves and not to give away or sell?
The buyer holds a lot of coins?

You could end up breaking into someone's home and risking getting shot or stabbed to learn that they sold it, gave it to a friend or have just $1000 or something like that in cryptocurrencies. The wedding rings most people have on their fingers all the time can be worth more than that.

I have a ledger and it wasn't bought on their site so I don't care.

You make a very good point here which is being missed by most posters.

To bring up a similar case of compromised email. Bitmain was hacked and thousands of customers emails home addresses and gear purchased was leaked.

I purchased 100 plus pieces of bitmain gear. Does that hack mean many people will come to my home?
Not likely. But if I owned a ledger I would not have all my coins on it any more.

There is also another form of an old, public information source where criminals can take your name, address and phone no. and it is readily available.

This is a telephone directory. It never caused anyone to break into houses hehehe.

UserU

hero member

Activity: 2128

Merit: 532

FREE passive income eBook @ tinyurl.com/PIA10

Quote from: carlisle1 on July 30, 2020, 04:54:08 AM

And seeing the advertisement in youTube from time to time?lol

You mean those giveaway videos? I hardly come across those, but there are some ads with a self-claimed "marketing guru" who keeps telling the viewers to stop watching YouTube videos and start making money on the Internet. That one is annoying as hell.

kawetsriyanto

legendary

Activity: 2422

Merit: 1140

duelbits.com

Quote from: bitcoinst on July 29, 2020, 10:52:56 AM

Ledger Hardware Crypto Wallet Team Disclosed Data Breach, 1 Mln Users' Data Under Attack

Even Ledger, which is considered very safe, still has a gap to hack. of course they are not ordinary hackers but really professional so they want to test their skills. grateful if the Ledger quickly gets the information and immediately handle it. But it does not rule out the possibility that hackers will return with a more violent attack. therefore, in this case, Ledge has certainly learned from previous difficulties. And they will be even more active in covering the security of their hardware.

pixie85

hero member

Activity: 2184

Merit: 531

Quote from: philipma1957 on July 29, 2020, 07:42:03 PM

You make a very good point here which is being missed by most posters.

To bring up a similar case of compromised email. Bitmain was hacked and thousands of customers emails home addresses and gear purchased was leaked.

I purchased 100 plus pieces of bitmain gear. Does that hack mean many people will come to my home?
Not likely. But if I owned a ledger I would not have all my coins on it any more.

Of course nobody is going to come after you because they wouldn't know where to look. You could be a retailer or a middle man for some mining farm owner. Most likely the gear wouldn't even be at your house, same as Bitcoins. Even if they had all the dates of purchase, in this business 6 months is a lot of time.

Thinking like that would make every celebrity or a successful CEO live in a bunker and have bodyguards patrolling the garden 24/7. All rich people would have to live like one of those cocaine bosses from South America.

I don't have all my coins on my Ledger, but I feel pretty safe knowing that the private keys are unaccessible. Probably the weakest point is the software from Ledger that you install on your PC to access the wallet.

Topic: Ledger 1 Mln Users Data Under Attack - page 2. (Read 718 times)