Victor Ugochukwu · Dec 14, 2020 . 5min read
Hardware Wallet Ledger Suffers Data Breach, Ledger’s leadership addresses the issue
Security and Infrastructure solution giant, Ledger suffers data breach in its marketing and e-commerce platforms of the website.
By Shilika · Jul 29, 2020 . 7min read
On 29th July, earlier today, Ledger, the hardware wallet company announced about its marketing and e-commerce data breach on a Ledger website. The former provides security and infrastructure solutions for cryptocurrencies and blockchain applications through its cutting edge technology primarily focusing on hardware wallets.
According to Ledger’s blog post, the company was exploited on 14th July and 25th June this year. It was bought to notice by a researcher who participated in Ledger’s bounty program. Apparently, an unauthorized third party accessed the marketing and e-commerce data chimp that consisted of a user’s personal information through an API key. Thus, the information was compromised. However, the company has deactivated the API keys constricting further activity.
Security – A more significant challenge?
The personal information involved was about 1 million email addresses. However, with further investigation, the company reported that about 9500 emails were exposed. The data revealed was in terms of email addresses, order details and contact details. Therefore, the company reassured that any of the payment credentials remain unexposed. Moreover, the data breach had no impact on the security of crypto assets or ledger wallets.
The company officially tweeted about the same on its Twitter channel.
The company has fixed the issue immediately and has commenced the internal investigation. It has reportedly informed CNIL, the French Data Protection Authority in respect to the same. Moreover, on 21st July, it has partnered with Orange CyberDefense, a UK based security solution provider. It will further ascertain the potential damages and identify data breaches that occurred. The company is actively monitoring in case of sale of data on the internet. So far its found none. It is also filing a formal complaint so that the authorities can thoroughly investigate the matter.
Caution is the key : Ledger Wallet
Ledger has recommended its users to remain cautious in respect to malicious attacks and phishing scams. It has informed the users that the Ledger never asks for a 24-word recovery phrase. In case you receive an email, it must be considered as a phishing attempt and reported immediately. A piece of important advice to the users is to visit Ledger Academy Security to understand the nuances and principles of malicious attacks.
Pascal Gauthier, the CEO of Ledger, has repeatedly been stressing upon the importance of security. He has further advises that one should be responsible for his security. They should never share their private keys whatsoever.
Security is one of the biggest challenges in the Cryptocurrency and Blockchain industry. Companies are relentlessly working towards creating robust solutions that can safeguard user funds and user information. However, with the increased adoption of cryptocurrency worldwide, security becomes strenuous. However, with the increased adoption, security is one such key aspect that we cannot disregard.
Follow Cryptodose for more updates