The hacker is likely to be responsible for the Ledger security breach, which in July recently dumped a large amount of data that revealed personal information of more than 270,000 customers, including phone numbers and physical addresses. The leak also included 1 million emails from Ledger Wallet owners and customers who signed up for the company’s newsletter.
Amid unrest over the accident, Ledger says he is focused on improving the safety infrastructure, instead of compensating users for any losses that may occur. In the meantime, it was reported that some of the affected clients had considered filing class actions against the company.
Gorgeous customer ledger data also provides new controversial support for the implementation of additional protocols for CI, whose critics claim that such measures encourage targeted cyberattacks to reveal sensitive personal information.
More than 270,000 personal account information hacked
As previously mentioned, in July, a hacker was able to dump personal information to thousands of affected users online in violation of Ledger’s e-commerce database. Social media accused the company of not better protecting user data and restricting piracy. At the time, the manufacturer of the hardware wallet announced that only 9,500 customers were affected by the security breach.
On December 21, Ledger issued a statement stating that the leak affected more material than he could analyze earlier this year. However, the company assured that the customer funds remain safe, adding: “There is no connection, and this data breach has no effect on our devices, app wallets or your money. Your cryptocurrencies are safe. Although very unfortunate and sincere, this breach only applies to e-commerce related information.
In response to the incident on Twitter, Ledger CEO Pascal Gaultier pointed out that the leak is an indication of the growing threat of cyberattacks. When Gaultier appeared on What Bitcoin for the Peter McCormack podcast, he commented on the contents of the hack and said it was the result of a bug in the company’s e-commerce group.
The card client to import the database from the store encrypted the wrong API key, which was encrypted in the wrong positions and therefore was encrypted, as it was not meant to be encrypted, and the database came under one attack which is Gauthier’s explanation.
Amid the reaction to the leak, some cyber security experts stressed that the incident was another sign that encryption was not being extended by database administrators when storing user data. Ledger’s CEO addressed the issue of lack of encryption of API keys and added that this is a serious error, and not a deliberate attempt to compromise client security by not hashing API keys.
In a comment on the leak, Robin Murry, CEO of the wallet manufacturer NGRAVE, noted that the incident reflected the sky-high security costs among cryptocurrency companies. He added: “Many online platforms have been hacked, not necessarily because of hacking skills. Platforms often have poor security management, let alone implementation. ”
Scars and other risk factors
The data breach has led to a new round of phishing attacks as attackers armed with emails from users try to trick wallet customers into revealing their first 24-word sentence. Even before the data was dumped, these fake emails appeared regularly.
However, revealing phone numbers and personal addresses can potentially reveal several risk factors for large users. Some users reported that they were trying to switch SIM attacks to their number, and the hacker was probably trying to break the two-factor authentication protocols.
Investors in cryptocurrency were previously the target of SIM exchanges. In June, Richard Yuan Li was charged with conspiracy to commit internet fraud in connection with a series of SIM exchanges targeting more than 20 people.
In addition to phishing and SIM spoofing, data breaches also open up the possibility of spreading risk factors beyond intimidating tools to physical attacks. In fact, some users affected by the incident claim to have received threatening messages asking for payment or a possible burglary.
Ledger CEO acknowledged the possibility of physical attacks as a result of the company’s audit, and also assured users that the device’s wallet modules contain several security protocols to protect against money theft.