
Topic: Ledger(and Trezor) hardware wallet owners: heads up | EDIT: (debunked) - page 3. (Read 685 times)

hero member
Activity: 2282
Merit: 659
Looking for gigs
I haven't used my Ledger Nano S in Shopify or any e-commerce stores yet. Rumors are just "rumors". They're not confirmed yet. However, I do believe that hackers innovate no matter how hard it is to crack, especially hardware wallets.

Ledger Nano S and Trezor are some of the best, safe and secure wallets ever. If that "hacker" sells that database to the dark web, we could confirm if some certain users would see some unauthorized activity coming from their wallets themselves.

You're completely missing the point here. The rumoured "leak" is not concerning the security of your hardware wallet itself, but the personal information you've probably given them if you bought directly from them. What sites you've used your bitcoin on doesn't matter in this case.

Okay I see and thanks for clarifying that to me. It's really concerning right now on how our personal information is getting exposed when we buy something in Shopify or other platforms that keep our data. We could be victims of identity theft. Even if they assure that our personal data is safe and secure, we can't be complacent on that.

Privacy is something that we need to protect. It's really scary how these hackers are finding new ways to "compromise" a platform, even if they're just rumours. As security improves, so do the hackers' brains to counter-attack.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Good on Trezor for scrubbing their user info regularly, hope to see other companies do the same.
I don't know why they scrub their old customer database they might want to continue with their upselling or something related to that? I mean it's ideal for us as consumers to have our data be trashed but for companies to have that information because customers ordered previously is a gem. Customers are the lifeline of the company so why scrub? Hmm.
I mean, I don't trust any companies who would keep and sell my data, especially if it's any sensitive data and/or they are supposed to aid to keep my privacy.

It is definitely not necessary for companies to keep my home address or phone number. If they try to sell that data to third party companies, I would have second thoughts about buying from them.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
I haven't used my Ledger Nano S in Shopify or any e-commerce stores yet. Rumors are just "rumors". They're not confirmed yet. However, I do believe that hackers innovate no matter how hard it is to crack, especially hardware wallets.

Ledger Nano S and Trezor are some of the best, safe and secure wallets ever. If that "hacker" sells that database to the dark web, we could confirm if some certain users would see some unauthorized activity coming from their wallets themselves.

You're completely missing the point here. The rumoured "leak" is not concerning the security of your hardware wallet itself, but the personal information you've probably given them if you bought directly from them. What sites you've used your bitcoin on doesn't matter in this case.
legendary
Activity: 2114
Merit: 1693
C.D.P.E.M
It feels kind of weird that they're selling hardware wallets that help us protect our crypto funds from hacking and are also maintaining a database of their customers on a centralized server that's also hackable.

To be fair, most ecommerce stores or even websites in general(even the giant ones) use third party data centers anyway(Amazon AWS/MSFT Azure/etc), hence there's almost always going to be a third party trust involved, unless they run their own data centers.

I don't really use PO boxes as they are small and many businesses don't want to deliver parcels to them.
But where I am, we have the choice to be delivered to nearby businesses. This can be a good option as the shipping address remains confidential to Trezor/Ledger (unless you are dumb and provide them a "billing address" with your real DOX).

One of the advantages is that said businesses (mainly grocery stores) are open until 11pm every day (unlike the post office, which only does 9am to 4pm on working days).
I wouldn't do that for an expensive package, but for everyday low-value parcels it works quite well.


The $5 wrench attack is really hard to avoid, but every step that makes it harder is a step in the right direction.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
Good on Trezor for scrubbing their user info regularly, hope to see other companies do the same.
I don't know why they scrub their old customer database they might want to continue with their upselling or something related to that? I mean it's ideal for us as consumers to have our data be trashed but for companies to have that information because customers ordered previously is a gem. Customers are the lifeline of the company so why scrub? Hmm.



To be fair, most ecommerce stores or even websites in general(even the giant ones) use third party data centers anyway(Amazon AWS/MSFT Azure/etc), hence there's almost always going to be a third party trust involved, unless they run their own data centers.
It's going to be an expensive investment to run their own data centers, maybe when they get bigger as a company.



According to this article by Jamie Redman

https://news.bitcoin.com/hacker-attempts-to-sell-data-allegedly-tied-to-ledger-trezor-bnktothefuture-customers/

The Shopify system is not compromised, as said in the article. I think that's what companies will all say if they are included in something remotely like this.

Quote
News.Bitcoin.com also spoke with a Shopify representative and the company said: “We investigated these claims and found no evidence to substantiate them, and no evidence of any compromise of Shopify’s systems.”

And another allegedly connected company is Keepkey. Stated as well in the article. Just like what Bttzed posted.
hero member
Activity: 2282
Merit: 659
Looking for gigs
I haven't used my Ledger Nano S in Shopify or any e-commerce stores yet. Rumors are just "rumors". They're not confirmed yet. However, I do believe that hackers innovate no matter how hard it is to crack, especially hardware wallets.

Ledger Nano S and Trezor are some of the best, safe and secure wallets ever. If that "hacker" sells that database to the dark web, we could confirm if some certain users would see some unauthorized activity coming from their wallets themselves.

legendary
Activity: 2114
Merit: 1150
https://bitcoincleanup.com/
~
To be fair, most ecommerce stores or even websites in general(even the giant ones) use third party data centers anyway(Amazon AWS/MSFT Azure/etc), hence there's almost always going to be a third party trust involved, unless they run their own data centers.
Yeah, I get that. It's still weird.



Welp, it's not just Ledger and Trezor. Keepkey database is also reportedly compromised.

The hacker claims to be in possession of account information corresponding to nearly 41,500 Ledger users, over 27,100 Trezor users, and KeepKey’s 14,000 customers.

....and other crypto exchanges
The hacker is now advertising the databases of 18 virtual currency exchanges and forums, in addition to the email lists of two crypto tax platforms.

The databases include the full SQL for Korean exchange Korbit spanning 4,500 users, three databases for Mexican trading platform Bitso, and the complete account information including passwords for blockchain platforms Blockcypher, Nimirum, and Plutus.

There's a high chance that this hacker is only trolling though.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
It feels kind of weird that they're selling hardware wallets that help us protect our crypto funds from hacking and are also maintaining a database of their customers on a centralized server that's also hackable.

To be fair, most ecommerce stores or even websites in general(even the giant ones) use third party data centers anyway(Amazon AWS/MSFT Azure/etc), hence there's almost always going to be a third party trust involved, unless they run their own data centers.
legendary
Activity: 2114
Merit: 1150
https://bitcoincleanup.com/
It feels kind of weird that they're selling hardware wallets that help us protect our crypto funds from hacking and are also maintaining a database of their customers on a centralized server that's also hackable.

For those who still don't get the $5 wrench attack, this conversation might explain it better.


mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
When there are statements from the official company, I think they are taking it seriously and are trying to find out if there is an actual breach of the database.
As they should. Time will tell.

Since their official website uses Shopify, everyone is affected who ordered from their site, right?
Apparently. I'm not giving this rumour that much credibility as Shopify hasn't made a statement yet, but it doesn't automatically mean that a leak didn't happen either. They might also just still be in the "investigations" phase. Again, time will tell.

Doubt it is real, to be honest. It would fetch much more value if it's sold elsewhere in the darkweb presumably. It's fairly useful for hackers to obtain such information; scamming through social engineering, selling to advertisers etc. I bet it could fetch much more than the asking price here. It would be better to be wary of any social engineering attempts though.
I have my doubts too. But I don't think this is something we should just totally ignore.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Doubt it is real, to be honest. It would fetch much more value if it's sold elsewhere in the darkweb presumably. It's fairly useful for hackers to obtain such information; scamming through social engineering, selling to advertisers etc. I bet it could fetch much more than the asking price here. It would be better to be wary of any social engineering attempts though.

Good on Trezor for scrubbing their user info regularly, hope to see other companies do the same.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
When there are statements from the official company, I think they are taking it seriously and are trying to find out if there is an actual breach of the database. Maybe after thorough investigations, the public would be informed as well. I think we will never know what happens behind the scenes, if it's real or not, but the important thing is we should not interact with emails claiming ridiculous things right now.

Since their official website uses Shopify, everyone is affected who ordered from their site, right?
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Ledger's (and Trezor's, KeepKey's and various other websites') customer database is rumoured to be leaked due to a Shopify exploit. Note: I'm putting a lot of emphasis on the word "rumoured" because there's also a good chance that this is fake. This is just a heads up.

Based on the screenshots, on Ledger's side, the database that's rumoured to be "leaked" includes:

  • names
  • full addresses
  • phone numbers
  • emails

To see the screenshots of the apparently "leaked" database, take a look at the tweet itself: https://twitter.com/underthebreach/status/1264460979322138628


The only statements we have from Ledger and Trezor as of the moment:




Src:

In this case we can say that it's more unlikely for Trezor to be affected. One thing's for sure, don't take $5 wrench attacks lightly.


Will edit this topic when I find more updates.

EDIT 1: Alright ladies and gents, looks like we're done with this topic.


While we can all have our sighs of relief now, let this be a wake-up call that it's heavily not recommended to be handing over personal information on a lot of websites. Always think twice when handing over personal information.