ZachXBT, a blockchain investigative platform, reported the most recent Ledger data breach that originated from a security incident with third-party payment processing partner Global-e, which caused customer names and contact information to be publicly disclosed.
A Third-Party Vulnerability Exposes Customer Data
According to the alert Ledger issued, Global-e has implemented a program to investigate any unauthorized access into their cloud system, which allowed the collection of Ledger customer personal information, including names and contact information. Global-e has engaged independent forensic experts to assist with the investigation to work around the incident.
Ledger further explained that none of the information, including customers’ seed phrase or private key data, had been impacted in regards to the Ledger hardware wallets, just because Global-e does not handle this type of data.
Read also: SlowMist Warns Sophisticated New MetaMask Phishing Attack Drains Funds
Threats From Targeted Phishing Campaigns
While the crypto assets stored in wallets are secure, the amount of personal information stolen from the Ledger data breach creates another layer of risk, giving attackers a wealth of information to craft highly tailored phishing emails and messages that will increase the potential for success. Attackers will likely impersonate Ledger’s customer service, refer to previous orders in order to appear credible, and attempt to deceive customers into giving them their recovery phrases or transferring crypto to fraudulent addresses.
Read also: Trust Wallet Verification Set to Filter Flood of Post-Hack Claims
Being Cautious and Vigilant
The Ledger data breach is a reminder of how challenging security remains in the crypto space, and that an issue with just one company’s security can lead to potential risk for all other firms that use that partner’s services. Consequently, all Ledger customers should assume that the criminals behind the Ledger data breach now have access to their personal data.
The only remaining rule is that users should never provide their 12 or 24-word recovery phrase to anyone, for any reason, and should always validate any communications from any support person via the official Ledger website.
FAQs
Read also: Coinbase Exits Argentine Peso Services One Year After Launch, But Crypto transactions will continue
Was my Ledger wallet hacked?
No, the Ledger data breach happened at the payment processing level. The only customer information exposed was names and contact information. Your Ledger device, your private keys, and your recovery phrase (which never leaves your device) were all protected.
What information was exposed about me?
According to the notification, the exposed data included customer names and contact information (most likely e-mail addresses, and possibly also phone numbers and shipping addresses) that were processed through Global-e.
What should I do next?
Be very cautious about any unsolicited messages or correspondence claiming to be from Ledger. Do not click links in e-mails or messages. Do not enter your recovery phrase on any website. Enable two-factor authentication on your e-mail account and consider using an alias for future purchases involving crypto.
