Cryptocurrency

Ledger data leak leaves crypto community furious, here’s what to do next

Ledger, the popular hardware wallet, said today that data belonging to over 1 million customers was leaked on a hacker forum.

Ledger users endure data leak

Hardware wallet Ledger said today that details of a database compromised in June were dumped on RaidForums, an infamous online hacking forum, over the weekend. The information has been made available for free, meaning anyone can access the data.

Ledger first announced the leak back in July. It said at the time that only 9,500 particulars were leaked and that the firm was working with French authorities to prevent further vulnerabilities.

But the efforts have fallen short. Today’s data dump comprises over 1 million email addresses (attached to individual wallets that can be checked over a block explorer), as well as personal information of the victims (such as home addresses and mobile phone numbers).



It said in a statement on Twitter, “It is a massive understatement to say we sincerely regret this situation.” Ledger added in further tweets that French authorities were still working on the case to prevent proliferation, claiming that the efforts took down 170 phishing sites where the database details were first put up.

Ledger said it “would learn from this instance” to make the service even more secure for users. However, the broader crypto community was not convinced by the tweetstorm. Much of the consensus was around how to avoid Ledger products entirely in the future, apart from immediate actions to protect one’s identity.

What next for crypto users?

One of the main questions doing the rounds was why did Ledger store all that data in the first place? As a hardware wallet, the firm did need personal information to help deliver the wallet, but storing customer information was, in the views of some, a massive breach of trust.

Popular crypto influencer “notsofast” said Ledger users whose data was compromised in the leak should get a new contact number and email id at the earliest to prevent any possible phishing.

They added—arguably for users holding large amounts of crypto—that multisig keys and recovery codes should now be kept at a different address than the residence, as the latter was now compromised.

Meanwhile, some users on Ledger’s tweet thread said they would take legal action against the breach and the alleged storage of personal information without permissionless.

Ledger did not respond to a mail by CryptoSlate at press time.

News Source

Advertisement
Advertisement