‘Ledger’ Customer Database Appeared on ‘RaidForum’

• A database containing the names, phone numbers, and home addresses of Ledger clients appeared online.
• The database was offered for purchase on the dark web for months now, but this stage is done now.
• The problem that arises is mainly of phishing and scamming type, but the privacy breach has been scaled up too.

‘Ledger’ has acknowledged the appearance of a dump containing customer details on the platform ‘RaidForum,’ a clearnet space where confirmed database leaks appear and become available for download. That’s usually long after dark web actors have had time to exploit the data, sold it to others, and generally squeezed every bit of value contained in a set.

Indeed, this seems to be the same data that was stolen during a July 2020 security breach that was thought to have affected about 85,000 users. This was followed by a wide-reaching phishing campaign in October 2020.

The users affected by this incident had already been alerted months ago, so the appearance of their details online shouldn’t have an immediate negative effect on them other than an additional spam/phish annoyance. The most frequent examples of scamming attempts reported by the users are emails claiming that their Ledger is deactivated, which could be scary for inexperienced investors.

Ledger is a hardware wallet platform where people can store their cryptocurrency assets securely, buy or sell Bitcoin (and another 1500 crypto), and control everything from a single point. Ledger combines the security of a hardware wallet that stores the private key on an ANSSI-certified chip with the “Ledger Live” app’s versatility. It features powerful verification systems to ensure that only the owners have access to their wallets.

What appeared online now is a text file containing the email addresses of over a million people who were subscribed to the Ledger newsletter and another text file containing the names, phone numbers, and mail addresses of roughly 273,000 people who bought a Ledger wallet. This second one is the most sensitive, although it should be noted that it still isn’t catastrophic or compromising for the wallets. It’s just what opens up a channel for phishing actors to act against the wallet owners.

If you happen to receive an email claiming any issues with your Ledger, asking you for the recovery phrase or a change on your PIN, do not follow any links contained in the email and do not download any applications. There have been reports about cloned Ledger Live apps circulating out there in the past couple of months, so beware. Now that crooks know your home address too, you may receive fraudulent instructions via post mail, tricking you into thinking this is legitimate, but it’s not.