A database containing the personal information of more than 270,000 Ledger users has been published on RaidForums, a marketplace for buying, selling and sharing hacked information. Database, reviewed by The Block, contains the email, physical address, and phone number of the Ledger wallet hardware buyer. Today’s leak was the result of a Ledger data breach suffered in June and also contains the emails of more than 1 million Ledger subscribers.
In July, Ledger publicly disclosed that it had suffered a data breach in June that compromised customer data. At the time, Ledger noted that 9,500 customers had their personal information breached. However, today’s database dump shows that the personal information leak rate is much greater than 9,500 customers. A Ledger spokesman said the company had anticipated that more information could be leaked in the June attack despite the totals found in its review of the incident.
“At the time of the incident, logs from third-party applications that manage our database show 9,500 people were affected. Simultaneously, we worked with external security organizations to conduct a forensic review, which also confirmed 9,500 people, all of whom were personally contacted by Ledger Support. Since the phishing attacks began to occur, we anticipated more information may have leaked and are continuing to notify all users via Twitter and email,” the spokesperson said.
In a tweet, Ledger stated that “early signs” point to a database from the June hack. Ledger also added “It is a very understatement to say we sincerely regret this situation. We take privacy very seriously” and that “Avoiding situations like this is a top priority for our entire company, and we have learned valuable lessons from these situations that will make Ledger more secure. “