Data breach: Ledger customer information online
This is the stolen information during the June 2020 breach, perpetrated by leveraging a vulnerability found on the official website. The outcome of the data breach is today's sharing of an archive containing two files: the first is called "All Emails (Subscription) .txt" and the other "Ledger Orders (Buyers) only.txt", the latter with names , surnames, addresses and telephone numbers for a total of 272,853 customers.The security incident was recognized by the company itself with a post on Twitter in which it is explicit reference to the RaidForums board.
Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.
- Ledger (@Ledger) December 20, 2020
As always in these cases, for those directly concerned there is first of all the risk of being targeted by phishing campaigns. Considering the nature of the service, closely linked to cryptocurrencies and economic resources, the less savvy could be deceived by providing their credentials or in the worst case by giving up control of the wallet.
The fact that residential addresses have also been leaked could constitute an additional weapon in the hands of criminals and criminals: the bait for scams and deceptions could no longer be delivered only via email, but directly to your home , with a communication on physical media that for obvious reasons could not be filtered by digital protections against spam and cyber threats.
Source: BleepingComputer