I have bought from the Ledger site twice, once with a credit card and once with bitcoin.
This data breach "bothers me" a bit, but at least it seems that "important" data (I mean data related to the payment systems used, card numbers, etc.) was not stolen; it is "only" a privacy matter, names and emails...
That said, let's hope for the best.
And a reminder to underline how things will go now... with all those emails and info, hundreds of phishing emails will be sent out, so keep your eyes open; as also reported below, Ledger obviously does not send emails asking for passwords or security phrases for supposed resets, etc.
For completeness and for everyone's information, I am quoting below the email that Ledger sent me
(there are some links that I am not including in the quote, but they all point to their blog, including the confirmation that is also linked in the articles above
https://www.ledger.com/addressing-the-july-2020-e-commerce-and-marketing-data-breach)
Our ecommerce and marketing database leaked, we immediately fixed the breach. Contact and order details were involved. Your funds are safe.
What happened?
On the 14th of July 2020, a computer researcher that participated in our bug bounty program notified us of a potential data breach on the Ledger website. We immediately fixed the breach after receiving the researcher’s report and undertook an internal and external investigation of the situation. While conducting the investigation, we discovered an unauthorized third party had gained access to customer information.
What personal information was involved?
Contact and order details were involved. This is mostly the email address of our customers. Further to investigating the situation we have also been able to establish that, for a subset of customers were also exposed: first and last name, postal address, phone number and ordered products. Due to the scope of this breach and our commitment to our customers, we have decided to inform all of our customers about this situation.
Payment information, credentials (passwords) or crypto funds are not impacted by this data breach. This data breach has no link nor impact on our hardware wallets and the Ledger Live application. Your crypto assets are safe and are not in peril.
What we have done, what we are doing
We have taken immediate action on 14th of July 2020, to resolve the data breach.
On the 17th of July, we notified the CNIL -- the French Data Protection Authority -- about this data breach and are continuing to work with authorities throughout the legal process.
We are continuously monitoring for evidence of our customers’ contact details being disclosed on the internet, and have found none thus far. We also performed an internal penetration test.
We are currently in the process of filing a complaint before the French public prosecutor regarding the unauthorized access and we will support law enforcement investigation.
We are extremely regretful for this incident. We take privacy very seriously, and we sincerely apologize for the inconvenience this matter may cause you.
What you can do
We recommend you exercise caution -- always be mindful of phishing attempts by malicious scammers.
As a reminder, Ledger will never ask you for the 24 words of your recovery phrase. If you receive an email that looks like it came from Ledger asking for your 24 words, you should definitely consider it a phishing attempt.
We suggest you visit Ledger Academy security section to educate yourself on general security principles and more precisely our article about phishing attacks.
Pascal Gauthier, Ledger CEO
For more information
Our blogpost about the data breach, and the FAQ to answer all your questions. For any additional information, you can directly contact our customer support.
To discover our Privacy Policy and understand what we do with your data, please click here.
If you have any questions, or want to exercise any of your rights granted by Applicable Laws and detailed in our Privacy Policy, please contact our data protection officer at
[email protected].