
Topic: Ledger Security Notice-Ecommerce and Marketing data have been exposed-Funds Ok - page 2. (Read 313 times)

legendary
Activity: 3122
Merit: 2178
More than that, I would even be wary of being robbed. There are people out there who know you're probably holding a respectable number of coins, what to look for, and where they may find it. If you're one of the customers whose data got leaked, it probably wouldn't hurt to bolster your physical security.
jseverson you do have a point there, but these scammers are more of cyber criminals than armed robbers, so a situation of one of those users whose information just got leaked being robbed is imo improbable; that being said, it doesn't mean it cannot happen, but the scammers will try every online means, phishing attempts, impersonations, blackmailing, etc., and if it ever gets to a robbery incident, I'll expect the user to have hundreds of thousands (or millions even) in bitcoin, for the scammers to take the risk of being caught now coming in person.

Problem being, these datasets usually get sold on the black market. So while the original attackers might not do physical crime, they very well might sell the data to criminals who do. If you live in a country that's relatively safe to begin with this probably won't affect you, but if you live in an area prone to organized crime you now might have a big target on your back.
legendary
Activity: 1904
Merit: 1563
Is this somehow related to Ledger(and Trezor) hardware wallet owners: heads up | EDIT: (debunked)?

And yeah, the $5 wrench attack is a great risk for people who are also living on their household... probably an average bitcoiner. 2 consecutive info breaches on Ledger is something to be afraid of LOL. It is also a good idea to shop on Ledger using another location for delivery and a dummy name since I don't think they give importance whether it is true or not.
hero member
Activity: 2086
Merit: 761
To boldly go where no rabbit has gone before...
If the above is completely true, and facts and scope of the breach are as is, be very wary over the coming days of personalized phishing attempts.

More than that, I would even be wary of being robbed. There are people out there who know you're probably holding a respectable number of coins, what to look for, and where they may find it. If you're one of the customers whose data got leaked, it probably wouldn't hurt to bolster your physical security.

Supply chain attacks have basically been the only real downside in hardware wallet discussions, and I feel like this is another big one that will repeatedly come up in the future. I'm pretty happy I make my own cold wallet.

Yeah, if they can tie wallets with ledgers, and ledgers with addresses, then some people might have something to be worried about.
Time to lock up ledgers and move them to a safe place, I guess.

In any case, I'm sure everyone who owns a ledger can expect a lot of emails in the following weeks.
legendary
Activity: 2184
Merit: 1302
More than that, I would even be wary of being robbed. There are people out there who know you're probably holding a respectable number of coins, what to look for, and where they may find it. If you're one of the customers whose data got leaked, it probably wouldn't hurt to bolster your physical security.
jseverson you do have a point there, but these scammers are more of cyber criminals than armed robbers, so a situation of one of those users whose information just got leaked being robbed is imo improbable; that being said, it doesn't mean it cannot happen, but the scammers will try every online means, phishing attempts, impersonations, blackmailing, etc., and if it ever gets to a robbery incident, I'll expect the user to have hundreds of thousands (or millions even) in bitcoin, for the scammers to take the risk of being caught now coming in person.
hero member
Activity: 1834
Merit: 759
If the above is completely true, and facts and scope of the breach are as is, be very wary over the coming days of personalized phishing attempts.

More than that, I would even be wary of being robbed. There are people out there who know you're probably holding a respectable number of coins, what to look for, and where they may find it. If you're one of the customers whose data got leaked, it probably wouldn't hurt to bolster your physical security.

Supply chain attacks have basically been the only real downside in hardware wallet discussions, and I feel like this is another big one that will repeatedly come up in the future. I'm pretty happy I make my own cold wallet.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
I normally do not like posting anything that is little more than a copy/paste + link, but this case justifies me doing so:

https://www.ledger.com/addressing-the-july-2020-e-commerce-and-marketing-data-breach

Quote

Our ecommerce and marketing database leaked, we immediately fixed the breach. Contact and order details were involved. Your funds are safe.
 

What happened?

On the 14th of July 2020, a computer researcher that participated in our bug bounty program notified us of a potential data breach on the Ledger website. We immediately fixed the breach after receiving the researcher’s report and undertook an internal and external investigation of the situation. While conducting the investigation, we discovered an unauthorized third party had gained access to customer information.  
 

What personal information was involved?

Contact and order details were involved. This is mostly the email address of our customers. Further to investigating the situation we have also been able to establish that, for a subset of customers were also exposed: first and last name, postal address, phone number and ordered products. Due to the scope of this breach and our commitment to our customers, we have decided to inform all of our customers about this situation.

Payment information, credentials (passwords) or crypto funds are not impacted by this data breach. This data breach has no link nor impact on our hardware wallets and the Ledger Live application. Your crypto assets are safe and are not in peril.
 

What we have done, what we are doing

We have taken immediate action on 14th of July 2020, to resolve the data breach.

On the 17th of July, we notified the CNIL -- the French Data Protection Authority -- about this data breach and are continuing to work with authorities throughout the legal process.

We are continuously monitoring for evidence of our customers’ contact details being disclosed on the internet, and have found none thus far. We also performed an internal penetration test.

We are currently in the process of filing a complaint before the French public prosecutor regarding the unauthorized access and we will support law enforcement investigation.

We are extremely regretful for this incident. We take privacy very seriously, and we sincerely apologize for the inconvenience this matter may cause you.
 

What you can do

We recommend you exercise caution -- always be mindful of phishing attempts by malicious scammers.

As a reminder, Ledger will never ask you for the 24 words of your recovery phrase. If you receive an email that looks like it came from Ledger asking for your 24 words, you should definitely consider it a phishing attempt.

We suggest you visit Ledger Academy security section to educate yourself on general security principles and more precisely our article about phishing attacks.

Pascal Gauthier, Ledger CEO

If the above is completely true, and facts and scope of the breach are as is, be very wary over the coming days of personalized phishing attempts.

I really despise the fact that addresses were leaked. That is unforgivable, and although I do not expect a criminal campaign preceded by a mass sale of 5$ wrenches at warehouses, for a company that works on security, encrypting the DB and storing the keys separately is bloody paramount.