Ledger: online the home addresses of customers

Ledger: online the home addresses of customers
The residential addresses belonging to approximately 270,000 Ledger customers have been posted on a forum, publicly available for download and consultation. It is the latest in a series of leaks that in 2020 brought several services, producers and platforms to their knees. The company is engaged in the marketing of hardware wallets for cryptocurrencies through which to save and manage virtual currencies such as Bitcoin.

Data breach: Ledger customer information online

This is the stolen information during the June 2020 breach, perpetrated by leveraging a vulnerability found on the official website. The outcome of the data breach is today's sharing of an archive containing two files: the first is called "All Emails (Subscription) .txt" and the other "Ledger Orders (Buyers) only.txt", the latter with names , surnames, addresses and telephone numbers for a total of 272,853 customers.

The security incident was recognized by the company itself with a post on Twitter in which it is explicit reference to the RaidForums board.

Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.

- Ledger (@Ledger) December 20, 2020

As always in these cases, for those directly concerned there is first of all the risk of being targeted by phishing campaigns. Considering the nature of the service, closely linked to cryptocurrencies and economic resources, the less savvy could be deceived by providing their credentials or in the worst case by giving up control of the wallet.

The fact that residential addresses have also been leaked could constitute an additional weapon in the hands of criminals and criminals: the bait for scams and deceptions could no longer be delivered only via email, but directly to your home , with a communication on physical media that for obvious reasons could not be filtered by digital protections against spam and cyber threats.

Source: BleepingComputer