Email addresses belonging to hundreds of thousands of cryptocurrency wallet users have been leaked online. This is an embarrassing development for Ledger, a hardware wallet maker, which suffered a data breach in June. It appears that an unknown actor managed to acquire the email addresses of 1,075,382 people who signed up for the Ledger newsletter, as well as the names and addresses of 272,853 people who purchased a Ledger device. The two sets of information were put online and freely shared on the Raidforums. At the time of the June data breach, Ledger said it had worked quickly to fix the relevant security vulnerability and had notified all affected customers.
From rape to flight
"We are actively monitoring the evidence of the sale of the database on the Internet, and so far we have not found any," Ledger explained in June. "We have also completed an internal penetration test and are advancing external penetration tests initially scheduled for September." Now it seems that the cyber attacker in possession of the hacked information was biding his time and has now shared the erroneously obtained information online. Ledger customers have already started notifying the company that they are receiving various phishing emails. In addition to digital harassment in the form of spam emails, Ledger customers may now face increased physical security risk due to the nature of the Ledger Wallet. Since these are physical wallets and are usually held by high net worth individuals, the appearance of names and addresses online is a major invasion of privacy. The 24-word recovery phrase and optional passphrase used to access the Ledger wallet are now of greater importance to those affected by the latest leak. Through a computer on hold