Ledger 1 Mln Users Data Under Attack - page 4.

philipma1957

legendary

Activity: 4256

Merit: 8551

'The right to privacy matters'

Quote from: pixie85 on July 29, 2020, 07:10:48 PM

Quote from: Bitstarzisascam on July 29, 2020, 05:54:09 PM

Now we're going to hear news that people getting robbed and threatened to hand their ledger and the keys. Sad

You think that someone will break into your house and attack you because they know you bought a ledger? Most of ledger users have more valuable stuff in their houses than on their wallets. How are you going to know if:

The buyer bought it for themselves and not to give away or sell?
The buyer holds a lot of coins?

You could end up breaking into someone's home and risking getting shot or stabbed to learn that they sold it, gave it to a friend or have just $1000 or something like that in cryptocurrencies. The wedding rings most people have on their fingers all the time can be worth more than that.

I have a ledger and it wasn't bought on their site so I don't care.

You make a very good point here which is being missed by most posters.

To bring up a similar case of compromised email. Bitmain was hacked and thousands of customers emails home addresses and gear purchased was leaked.

I purchased 100 plus pieces of bitmain gear. Does that hack mean many people will come to my home?
Not likely. But if I owned a ledger I would not have all my coins on it any more.

pixie85

hero member

Activity: 2184

Merit: 531

Quote from: Bitstarzisascam on July 29, 2020, 05:54:09 PM

Now we're going to hear news that people getting robbed and threatened to hand their ledger and the keys. Sad

You think that someone will break into your house and attack you because they know you bought a ledger? Most of ledger users have more valuable stuff in their houses than on their wallets. How are you going to know if:

The buyer bought it for themselves and not to give away or sell?
The buyer holds a lot of coins?

You could end up breaking into someone's home and risking getting shot or stabbed to learn that they sold it, gave it to a friend or have just $1000 or something like that in cryptocurrencies. The wedding rings most people have on their fingers all the time can be worth more than that.

I have a ledger and it wasn't bought on their site so I don't care.

bbc.reporter

legendary

Activity: 3010

Merit: 1460

Quote from: bolawin on July 29, 2020, 04:38:26 PM

if your email is leaked, expected to see alot of spam investment offer on your inbox Grin

Also, assume that your name, phone no. and postal address information to be somewhere in the darknet together with 999,999 other names and other information hehehe.

The hackers should create a darknet public contacts list similar to a phonebook hehe.

LogitechMouse

legendary

Activity: 2576

Merit: 1043

Need A Campaign Manager? | Contact Little_Mouse

Quote from: HardFacts on July 29, 2020, 01:03:14 PM

~

So you are saying that whenever you use a hardware wallet, your Bitcoins are now being put in a centralized entity like the Ledger owner??

The fact that you have your own keys is a proof that what you are saying is nothing close to the topic being shared here. Its just the personal information that is being leaked and nothing related to the holdings of investors, private keys etc.

The only problem with this is when these hackers will send some phishing links to different emails then that is the time when they will be hacked if they fall to these traps.

Bitstarzisascam

jr. member

Activity: 62

Merit: 4

Now we're going to hear news that people getting robbed and threatened to hand their ledger and the keys. Sad

aundroid

legendary

Activity: 1232

Merit: 1255

If you haven't received another mail until 5 pm CET today, at least you don't belong to the 9500 customers whose personal informations have been leaked.
This was announced by the official Ledger Twitter account today.

source

There is now also a FAQ section on the website: https://support.ledger.com/hc/en-us/articles/360015559320?s=09

bolawin

copper member

Activity: 246

Merit: 7

buy bitcoin, hodl bitcoin

if your email is leaked, expected to see alot of spam investment offer on your inbox Grin

Mpamaegbu

legendary

Activity: 2716

Merit: 1225

Once a man, twice a child!

From all indications what this hack has proved is that no system made by man is fool proof. If man makes it, man can also break it. Before now a lot of people were up defending Ledger as the best hardware crypto wallet and the best thing to have happened to man after the discovery of bread and butter. Now we know that ledger is also vulnerable. However, I sincerely hope its customers are safe with all the leaked addresses and emails. At least, they don't have to be looking at their shoulders to check who is trailing them or not.

20kevin20

legendary

Activity: 1134

Merit: 1598

Quote from: hatshepsut93 on July 29, 2020, 12:25:20 PM

People have been saying "just buy a hardware wallet" for a long time, but it has always been less than a perfect solution, because some centralization and trust has always been involved, and now it was abused. Now potential burglars and kidnappers have a list of people who own some bitcoins, and something like this will never happen with a software wallet, because it doesn't ask you for your personal information during installation.

IMO and old PC with live OS like Tails is the best cold storage you can get.

I highly doubt all these people have a lot of money stored on their Ledger. As a burglar, choosing someone off this list could be a very big hit or, more likely, a very big miss.

I mean, you could get a Legder from authorized resellers without having to fill any personal detail. This is still an option. The customer leak could happen to any other shop just as easily. There can't really be online shops without trust and centralization.

desticy

sr. member

Activity: 1512

Merit: 292

www.cd3d.app

Quote from: HardFacts on July 29, 2020, 01:03:14 PM

Do not worry !!! Your BitCoins are absolutely safe, nothing to see here Grin

Yes, they know EXACTLY what the hackers got, and are being TOTALLY HONEST about it Cheesy

Everyone can sleep well and not worry, they will take good care of you !!!

Hard Facts

Is it just me or did you say Ledger is centralised? Do you think anyone would use Ledger wallet if the data of private keys and user access keys were stored on their servers?
Hardware wallets store private keys internally, which eliminates the possibility of users' private keys leaking into the network.

The point is that only you own the keys to your wallet, which means that all that hackers can get is your geo data (if you entered it) and your email.
Those whose data has leaked now should be wary of phishing emails.

HardFacts

member

Activity: 434

Merit: 29

Do not worry !!! Your BitCoins are absolutely safe, nothing to see here Grin

Yes, they know EXACTLY what the hackers got, and are being TOTALLY HONEST about it Cheesy

Everyone can sleep well and not worry, they will take good care of you !!!

Hard Facts

hatshepsut93

legendary

Activity: 3024

Merit: 2148

People have been saying "just buy a hardware wallet" for a long time, but it has always been less than a perfect solution, because some centralization and trust has always been involved, and now it was abused. Now potential burglars and kidnappers have a list of people who own some bitcoins, and something like this will never happen with a software wallet, because it doesn't ask you for your personal information during installation.

IMO and old PC with live OS like Tails is the best cold storage you can get.

wxa7115

hero member

Activity: 2814

Merit: 734

Bitcoin is GOD

This is without a doubt very troubling information, even if they are assuring their customers their funds are safe and I think they are right, several attack vectors are now opened, first of all 9500 people are going to at least be exposed as holders of cryptocurrencies and their identities could be stolen and sold on the black market, I wonder why ledger does not delete personal information from their servers after a few weeks or months to limit the scope of a possible data breach like this one.

The second issue is that we are bound to see a bunch of phishing attacks against ledger customers asking for their private keys or their seed words and unfortunately many will fall for it losing a fortune in the process.

And finally the reputation and the sales of ledger will suffer, anyone on the fence thinking about whether they will get a ledger or a trezor will probably prefer to pick a trezor until things calm down.

bitcoinst

hero member

Activity: 1708

Merit: 651

SmartFi - EARN, LEND & TRADE

Ledger Hardware Crypto Wallet Team Disclosed Data Breach, 1 Mln Users' Data Under Attack

July 29, 2020, the team behind the Ledger products revealed that a critical vulnerability had been disclosed two weeks ago in the Ledger e-commerce database.
It has mostly affected the email addresses of Ledger purchasers, but it has also affected some personal information.

As announced by the Ledger team in their recent official statement, a participant in the Ledger bounty program contacted them on July 14 with information about a security breach.
It was immediately fixed, but then the experts disclosed that the system had been further exploited on June 25.

A third-party attacker accessed the segments of e-commerce and promotional databases holding the email addresses of customers.
Additionally, 9,500 users were exposed to a leak of order details: name, street address, phone number and the details of what they ordered.

During the investigation, Ledger's officers found out that the malefactor abused the API key. This API key was immediately deactivated and is no longer accessible.

https://cryptocomes.com/news/ledger-hardware-crypto-wallet-team-disclosed-data-breach-1-mln-users-data-under-attack

Topic: Ledger 1 Mln Users Data Under Attack - page 4. (Read 714 times)