Crypto Wallet Maker Ledger Loses 1M Email Addresses in Data Theft
An unknown hacker gained access to the wallet maker's marketing database, stealing a million email addresses as well as personal information for 9,000 customers.
Jul 29, 2020 at 9:30 a.m. UTCUpdated Sep 14, 2021 at 9:37 a.m. UTC
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/QCGND2YU5ZFGBNWDFOJGBAQMBQ.jpg)
/arc-photo-coindesk/arc2-prod/public/LXF2COBSKBCNHNRE3WTK2BZ7GE.png)
Ledger said customer details have been stolen in a data breach that may well have been exploited for over two months.
- In a note to clients Wednesday, CEO Pascal Gauthier said the French hardware wallet provider fell victim to a large-scale data breach from an unauthorized third party.
- The hacker, whose identity remains unknown, gained access to Ledger's e-commerce and marketing database.
- Customers affected include those who signed up for Ledger's newsletter or to receive promotional material.
- Information stolen included email addresses, with a smaller "subset" of 9,500 customers also having their full names, postal addresses and phone numbers exposed.
- In total, the company estimates around one million email addresses have been stolen.
- Payment information, passwords and cryptocurrency funds have not been affected.
- The data breach was first detected as part of a bug bounty program on July 14.
- Ledger estimates the data may have been accessed from April until the end of June.
- A Ledger spokesperson confirmed to CoinDesk the data breach has now been fixed.
- The wallet provider has now alerted the French authorities and is filing a complaint with the public prosecutor.
- Ledger said it has not found customer information disseminated online nor has it received any ransom demands.
:format(webp)/downloads.coindesk.com/arc/failsafe/user/1x1.png)