In June 2020, Ledger’s e-commerce platform was hacked with information relating to their customer’s e-mail addresses and some personal information of buyers. Recently, the database was leaked onto forums and the data had been circulating through channels which revealed information linking buyers of Ledger’s products and their email, physical address and phone numbers. Check with haveibeenpwned.com to see if your information was compromised.
The sensitive personal information about customers that purchased cryptocurrency products is the highest risk of this breach as it links specific individuals to purchasing a product relating to cryptocurrency. Therefore, phishing risk and personal safety risk are the biggest threats to this data leak.
There is no immediate threat to users of Ledger’s products as the data leaked has nothing to do with your digital assets or cryptocurrencies stored on their products. However, those individuals exposed to this breach will very likely receive phishing attempts and possibly physical threats (if your address was leaked) which should be ignored and/or reported to authorities if necessary.
The only way an individual’s cryptocurrency and digital assets are at risk is if their 12/18/24 word recovery phrase is exposed or compromised in any way. Whether that be a site (no matter how convincing) requesting these words or through a physical confrontation to obtain these words. Personal security is the highest risk of having exposed physical addresses in a hacked database. Please take safety precautions as necessary for your own personal situation.
What precautions should I take going forward?
In order to minimize exposure to any future database leaks or hacks which compromise personal data, it is important to not freely give out sensitive information unless absolutely necessary. Cryptocurrency products are at a high-risk because it can link individuals to possibly having cryptocurrencies in their possession.
To mitigate this risk, do not use your personal home address to purchase these products. An alternative to receiving your product is to setup a PO Box or send it to a public place such as your office/workplace.
You can also consider using a 3rd party service such as Amazon to purchase these products, but do be aware that there are associated risks as well for buying off 3rd parties. Ledger offers a way to verify that the product has not been tampered in any way if it was not purchased directly from them.
Andreas Antonopoulos provides a great playlist for you to watch as well if you are a victim: https://www.youtube.com/playlist?list=PLPQwGV1aLnTuKUIiO_DelQ4nCgpShQn3w
Any other questions? Feel free to find me on my online channels and ask away!
