Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: Pmalek on October 25, 2020, 09:04:11 PM



Title: New Ledger phishing mail targets individual users
Post by: Pmalek on October 25, 2020, 09:04:11 PM
A new and well-written Ledger phishing mail is circulating. What is special about this one is that it is not only well written but it also addresses you with your first name. It is not a mass mail delivered to thousands of email addresses, it has only one receiver and targets one particular recipient. That means that someone who has access to the leaked database of Ledger users is probably sending those mails. 

The scammer claims that malware was detected on Ledger servers and that your crypto assets could be stolen. Anyone who received the mail is affected according to the sender. The mail suggests downloading the latest version of Ledger Live. There is a link to it in the email. Users are also told to set up a new PIN.

Users of this forum are already experienced enough to recognize this type of scam, but it never hurts to keep an eye out.
The sender of the e-mail is: info@ledgersupport.io

My friend abroad who got my Ledger device delivered to his house sent me this screenshot.

https://i.imgur.com/t4Fv2H5l.png




 


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on October 25, 2020, 11:19:44 PM
Ledger is reckless and I am not at all surprised to see this, and I even said this was going to happen in July when that shit happened.

Now let's look how Ledger company values our privacy NOT.  :P

I did a small website domain search and I found something interesting here Ledger vs Trezor Tracking & Cookie privacy competition (https://bitcointalk.org/index.php?topic=5284338.0)

Quote
This is not necessarily true. Someone could have access to another leaked database that includes your name, and are sending emails to every email in that database.

If your email is in a database for one major crypto company, there is a good chance that you will also receive mail from another major crypto company.
Dude, he clearly said it was email from his friend abroad who purchased Ledger for him.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on October 26, 2020, 09:00:01 AM
@PrimeNumber7
No, that can't be the case here. It can only be the Ledger database that got leaked and here is why. The Ledger database contains my name but my friend's email address. That combination doesn't exist anywhere else, because I have never used his email together with my name, except when I purchased my Ledger. He was the one who received the package, and I registered his email so he can get updates and info about shipping, tracking, etc.

What is interesting is that users on different websites are reporting at least 2 different dates used as the alleged time when malware was discovered on the servers, but the rest of the email is the same.  


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on October 28, 2020, 06:08:13 PM
I have just received an SMS (lmao) from Ledger asking me to update the firmware because "the previous one has a bug". I was surprised that I had not received any email with the phishing attempt, because I had bought a couple of Ledgers back in April, but if no one else confirms they have received a similar message, I think it's safe to assume that they divided the database in 2 to try to reach to more people using different methods?

PS: I assume it's a phishing attempt because the website it asks me to check is https://ledger.legalwebsite (most likely my phone cut the link)


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on October 29, 2020, 12:00:58 PM
https://i.imgur.com/vNFx9oI.png

Ledger company is total bullshit and (no)actions from them after hack/leak they had in July silenced almost all of their supporters or should I say blind believers in this forum :)
Everyone who purchased their shit is now bombarded with emails and sms messages, and they still don't admit relations with July hack.
How more stupid they can be, or they just think all their customers are stupid.


Title: Re: New Ledger phishing mail targets individual users
Post by: LeGaulois on October 29, 2020, 01:35:18 PM
shit inside


You're lying

They did take actions after the breach, what did you expect from them? To call the army? To send a message to Jesus Christ to come back and punish the culprit?

- They informed the CNIL since the French law requires to do it in such a situation
- They filed a complaint to the authorities
- They informed the customers concerned

Legally, they did everything they needed to do.

As a reminder, it concerned the eCommerce data and had no impact on devices security or whatever

Audited their system with the help of Orange Cyberdefense (https://orangecyberdefense.com/), still monitoring some stuff, and without posting details here they're taking some others steps


How can you say no action is taken? FYI, not everyone "who purchased their shit" is bombarded with email/SMS. Check your facts before


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on October 29, 2020, 01:39:27 PM
You're lying and full of shit

Thank you for kind words Ledger worshiper  :P

I see deluded Ledger believers are still alive, or maybe you are part of stinky Ledger team?

Please show me where they said that all data from customers have been stolen including phone numbers, emails, full names and addresses?

They care more about fucking Bcash and Roger Ver

Here is your fucking shit website:

https://i.imgur.com/LqrIweR.png
https://archive.vn/2C1LX

Eat that fork shit and bon appétit


Let's look at official statement from July:
  
Quote
Contact and order details were involved. This is mostly the email address of our customers, approximately 1M addresses. Further to investigating the situation we have also been able to establish that, for a subset of 9500 customers were also exposed, such as first and last name, postal address, phone number or ordered products. Due to the scope of this breach and our commitment to our customers, we have decided to inform all of our customers about this situation.
https://www.ledger.com/addressing-the-july-2020-e-commerce-and-marketing-data-breach

I should believe them that 1 million email addresses is exposed, but only 9500 with other data? Yeah right...


Title: Re: New Ledger phishing mail targets individual users
Post by: btcwish1 on October 29, 2020, 02:21:09 PM
I received the email today. To be brutally honest, at first glance I thought it was authentic and was sent from Ledger!

The email is really convincing and copies all the styles and formatting of the original emails from the Ledger company. I then checked the 'download' link and then I realized it's a phishing email because the link is clearly not from Ledger!

I am sure lot of innocent newbies will fall for this very phishing email  SIGH :-[


Title: Re: New Ledger phishing mail targets individual users
Post by: LeGaulois on October 29, 2020, 02:38:12 PM
...


You're truly full of shit. Funny how now you try to twist the problem you stated. You stated no action has been taken since and I showed otherwise and this is the main point

Check their blog perhaps. I also believe it was stated in the emails sent to customers. And surely all over the web mentioning this news

Quote
I see deluded Ledger believers are still alive, or maybe you are part of stinky Ledger team?

it doesn't interest any user here and there is no point in trying to change the direction of the discussion


Talking about the blog's post regarding Btrash, did you at least read it? Perhaps you should before posting a stupid argument


Title: Re: New Ledger phishing mail targets individual users
Post by: bob123 on October 29, 2020, 04:12:39 PM
People receive phishing mails all the time.
What is the big deal with this one?

Just because you bought a ledger and receive a ledger phishing mail?
Customers of Coinbase also receive phishing mails "from Coinbase". Customers of the Bank of America also receive phishing mails.

Checking an email for authenticity is not too hard.
Already the sender's address ledgersupport.io is enough to expose that mail as a phishing attempt.
If people don't even check the sender's address, then they can be bribed into doing anything via email. They would fall for the classical Nigerian prince. Nothing you can do to help those people. They got to learn it the hard way.
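
Added example (not part of the post above or of the thread): the two checks posters here relied on, the sender's domain and the host behind the download link, run over constructed messages. It goes one step further and requires a `dmarc=pass` verdict when the From domain looks genuine, since the From header is text the sender chooses. `ledger.com` is taken from the official URL quoted in the thread; the `.example` hosts, the message bodies and the assumption that the first `Authentication-Results` header was written by your own mail server are constructed for illustration.

```python
"""Triage a mail by sender domain, authentication verdict and link hosts."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: ledger.com (the official site quoted in the thread) is the only
# domain treated as genuine; extend with the vendor's real sending domains.
TRUSTED = {"ledger.com"}
BRAND = "ledger"


def is_trusted(host):
    """True only for a trusted domain or a subdomain of it (label suffix match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


class HrefCollector(HTMLParser):
    """Collects href targets, which can differ from the visible link text."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.urls += [v for k, v in attrs if k == "href" and v]


def link_hosts(msg):
    """Hosts of every link: href targets in HTML parts, bare URLs in text parts."""
    hosts = set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if ctype == "text/html":
            collector = HrefCollector()
            collector.feed(text)
            urls = collector.urls
        else:
            urls = re.findall(r"https?://[^\s<>\"']+", text)
        for url in urls:
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL: nothing to resolve
                host = None
            if host:
                hosts.add(host.lower())
    return hosts


def triage(raw):
    """Return a list of findings; an empty list means no check fired."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_trusted(from_domain):
        kind = "lookalike" if BRAND in from_domain else "unrelated"
        findings.append(f"sender domain {from_domain!r} is not trusted ({kind})")
    else:
        # A genuine-looking From proves nothing on its own; require the
        # receiving server's DMARC verdict (first Authentication-Results header).
        auth = msg.get("Authentication-Results", "")
        if not re.search(r"\bdmarc=pass\b", auth, re.I):
            findings.append("trusted From domain but no dmarc=pass result")
    for host in sorted(link_hosts(msg)):
        if not is_trusted(host):
            findings.append(f"link points to {host!r}")
    return findings


# Constructed samples. Only the sender address in PHISH comes from the thread.
PHISH = (
    'From: "Ledger" <info@ledgersupport.io>\n'
    "To: alice@mail.example\n"
    "Subject: Security notice\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p>Hello Alice, <a href="https://ledger.com.download.example/live">'
    "download the latest Ledger Live</a></p>\n"
)
SPOOFED = (
    "From: support@ledger.com\n"
    "To: alice@mail.example\n"
    "Subject: Notice\n"
    "\n"
    "See https://www.ledger.com/ for details.\n"
)
GENUINE = (
    "Authentication-Results: mx.mail.example; dmarc=pass header.from=ledger.com\n"
    + SPOOFED
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, triage(raw))
```

The suffix match is what separates `shop.ledger.com` from `ledger.com.download.example`; a plain substring test on the brand name would accept both.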


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on October 29, 2020, 10:29:27 PM
----
Even if I do agree with everything that has been said, most phishing attempts are usually generic and idiotic most of the times; in this particular case, attacks are targeted, because the scammers had access to the database of the company. And apart from that, there's many things on how the company has handled the situation that are questionable to say the least.

First of all, they did claim that only 9.500 out of 1.000.000 users had more than the email leaked; or that is what I understand here:

Quote from: Ledger
This is mostly the email address of our customers, approximately 1M addresses. Further to investigating the situation we have also been able to establish that, for a subset of 9500 customers were also exposed, such as first and last name, postal address, phone number or ordered products
This is, at least for me, hard to believe. Number seemed too low in comparison, but whatever. Then, there's this:

Quote from: Ledger
Those 9500 customers whose detailed personal information are exposed will receive a dedicated email today to share more details.
Surprise surprise; I've checked back all the emails Ledger sent me around that time, and besides the general email (saying the same that the blog entry says), I did not receive any "dedicated email", but what I have received is a SMS addressing me by the name I provided to the company at the time I made my only purchase to them. This leads me to believe that I was between those alleged 9.500 users, but was never notified.

Now, at no moment I'm saying that people shouldn't be careful when opening links and stuff, and I know there are many ways of getting somehow dedicated phishing attempts; mostly because bad internet browsing habits, but this is a different case. And again, we are not discussing the quality of the attempt.

I will also add that I'm seeking some legal advice to see if I can open a claim against Ledger for the way they've had handled things. First of all, I consider a company that sells hardware wallets should have an above average cybersecurity protocols/development/call it the way you want to call it. It's true that we are human and they can, as any other company can, get hacked and have customer data leaked; but the way they've handled it... that what really bothers me. Once I receive some kind of answer from my advisor, I will either simply update this post, or if there's something that can actually be done, I may create a whole thread just to let affected people know.


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on October 29, 2020, 10:42:32 PM
People who are defending company Ledger in this case are probably paid shillers and should not be trusted at all.
Let's hope enough people will sue Ledger for not keeping data safe, and exposing all to hackers.
Their lack of care and privacy for customers can also be seen on their website that is full of ads and trackers:

https://i.imgur.com/vlnbvPc.jpg
https://themarkup.org/blacklight?url=www.ledger.com

Quote
I will also add that I'm seeking some legal advice to see if I can open a claim against Ledger for the way they've had handled things. First of all, I consider a company that sells hardware wallets should have an above average cybersecurity protocols/development/call it the way you want to call it. It's true that we are human and they can, as any other company can, get hacked and have customer data leaked; but the way they've handled it... that what really bothers me. Once I receive some kind of answer from my advisor, I will either simply update this post, or if there's something that can actually be done, I may create a whole thread just to let affected people know.

I fully support you here.
Better to react now than to wait for them to mess up something more serious like firmware for example.
They need to be much more serious, and not act like bunch of junkies from garage.

My conclusion is that I will never again recommend Ledger wallet to anyone, and will tell people to use alternatives like Trezor.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on October 30, 2020, 12:28:17 PM
Quote
Surprise surprise; I've checked back all the emails Ledger sent me around that time, and besides the general email (saying the same that the blog entry says), I did not receive any "dedicated email", but what I have received is a SMS addressing me by the name I provided to the company at the time I made my only purchase to them. This leads me to believe that I was between those alleged 9.500 users, but was never notified.
That is worrying. That can mean that they either don't know what was leaked and in what quantities, or they are lying about it so as not to cause further harm to themselves and potentially lose customers.

Another thought. Those official messages that Ledger sent to their users informing them about the security breach, could have been marked as spam by your email client. In that case they would be deleted by now. Hotmail, for example, deletes spam messages after 10 days, but I am not sure if they move them to the trash bin or if they get removed entirely. You say that you checked now, but a lot of time has passed. You don't remember seeing any at the time?  

Quote
I will also add that I'm seeking some legal advice to see if I can open a claim against Ledger for the way they've had handled things.
I would be interested to learn what you find out.


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on October 30, 2020, 07:09:37 PM
Quote
That is worrying. That can mean that they either don't know what was leaked and in what quantities, or they are lying about it so as not to cause further harm to themselves and potentially lose customers.
Nothing that would actually surprise me; if the leak was of close to 1.000.000 customers, and EVERYONE was affected, can you imagine the bad press, and even panic that would come? It wouldn't matter that the wallet related information or stuff was still safe, they'd be facing many many losses.

Quote
Another thought. Those official messages that Ledger sent to their users informing them about the security breach, could have been marked as spam by your email client. In that case they would be deleted by now. Hotmail, for example, deletes spam messages after 10 days, but I am not sure if they move them to the trash bin or if they get removed entirely. You say that you checked now, but a lot of time has passed. You don't remember seeing any at the time?  
Although possible, that is highly unlikely. I have a mail tab always open in one of the monitors I have, and I check every inbox everyday.


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on October 31, 2020, 07:34:09 PM
Quote
Surprise surprise; I've checked back all the emails Ledger sent me around that time, and besides the general email (saying the same that the blog entry says), I did not receive any "dedicated email", but what I have received is a SMS addressing me by the name I provided to the company at the time I made my only purchase to them. This leads me to believe that I was between those alleged 9.500 users, but was never notified.
Possibly. Or possibly your email address was enough to de-anonymize you. Between publicly viewable information on Google, Facebook, Instagram, Twitter, LinkedIn, etc., and a variety of private database hacks and leaks, often an email address is more than enough to find all your personal details. Have you used that email elsewhere? Is it the same email you use for crypto exchanges or services in which you have completed KYC?

Quote
First of all, I consider a company that sells hardware wallets should have an above average cybersecurity protocols/development/call it the way you want to call it. It's true that we are human and they can, as any other company can, get hacked and have customer data leaked; but the way they've handled it... that what really bothers me. Once I receive some kind of answer from my advisor, I will either simply update this post, or if there's something that can actually be done, I may create a whole thread just to let affected people know.
I wish you luck, and I completely agree that Ledger should have better security in place, but I suspect you will get nowhere. There are plenty of far more egregious hacks, leaks, and vulnerabilities in the crypto space, including huge losses of money and losses of far more personal information, including KYC data and scanned documents, all of which have resulted in no action against the companies responsible. In terms of how Ledger handled it; what would you have had them do differently? As LeGaulois has said above, they took all reasonable steps following the breach.



This serves to highlight that your personal information is your responsibility. If you give it to anyone, even companies you trust or think you can trust, even security related companies, even huge reputable exchanges, you are putting it and yourself at risk.


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on November 02, 2020, 03:39:17 PM
-----
Wooops, this post did slip through the cracks, sorry for the late reply....

First of all, no; although possible it's highly unlikely that the email used was enough to deanonymize me, as I use different addresses for personal and crypto stuff (addresses in plural) and never mix them up. I had never before used that email together with the phone number or the name I provided to Ledger, so I'm pretty confident that the leak came from them.

Now, I don't know how I would've handled that if I was Ledger, because I have little to no idea about personal data handling regulations. I know however, that if they claimed to only have 9500 affected users, and I was not between those users but now it turns out I am; there is something that they have not done correctly; and that's exactly what I'm after.


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on November 05, 2020, 02:22:33 PM
Quote
Now, I don't know how I would've handled that if I was Ledger, because I have little to no idea about personal data handling regulations. I know however, that if they claimed to only have 9500 affected users, and I was not between those users but now it turns out I am; there is something that they have not done correctly; and that's exactly what I'm after.

I think Ledger manipulated the numbers a little (maybe a lot), and also that there may have been omissions when sending alerts via email. What is the case with me on Gmail (and confirmed by others) that many legitimate Ledger emails end up in a spam folder - did you perhaps check there? Of course now it's probably too late for that, because at least in the case of Gmail such emails are deleted automatically after 30 days.

As for the SMS, can you tell us from which network/country it was sent? Most smartphones have the function of blocking calls and messages from a certain number, maybe the attacker uses the same number so some could block it in advance.


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on November 05, 2020, 03:17:11 PM
Quote
What is the case with me on Gmail (and confirmed by others) that many legitimate Ledger emails end up in a spam folder - did you perhaps check there? Of course now it's probably too late for that, because at least in the case of Gmail such emails are deleted automatically after 30 days.
Although likely, it's quite improbable because I regularly, not to say daily, check all my inbox folders on every email.

Quote
As for the SMS, can you tell us from which network/country it was sent? Most smartphones have the function of blocking calls and messages from a certain number, maybe the attacker uses the same number so some could block it in advance.
I wish I could; I don't know if it's a feature from my phone or something the sender set up, but the only thing I see in the sender info is "LEDGER". No number, nothing else.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on November 06, 2020, 10:21:22 AM
What Lucius mentions is certainly possible. It would be interesting to see if there are more cases like Csmiami, where users never received that additional email from Ledger, but somehow ended up receiving spam/phishing SMS messages. And what are the email providers they used.

A few years ago at work, I stopped receiving work-related emails to one of my Hotmail accounts. Other colleagues who weren't using Hotmail, received them just fine. After discussing the issue with my team, I decided to switch from Hotmail to Yahoo, because most of them connected their Yahoo accounts. It never happened again.

When I was using Hotmail, the emails stopped coming altogether. They weren't sent to my spam folder. I didn't get them at all.      


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on November 06, 2020, 11:40:33 AM
Quote
I wish I could; I don't know if it's a feature from my phone or something the sender set up, but the only thing I see in the sender info is "LEDGER". No number, nothing else.

I have to admit that it was quite naive of me to think that those behind this attempt at phishing would not protect themselves, and this is definitely possible if you use one of the many services that offer anonymous texting (https://www.anonymoustext.com/). Many years ago I used such services to prank my friends, and now they are used for some much more serious things. The option I have on my smartphone allows me to block all messages or calls coming from an unknown sender, but although it has its advantages, it can also block a completely legitimate call or message.

The only thing left for us is to be careful and not click on the links that come to us in SMS and e-mail messages - and more importantly know that we never enter the seed anywhere else except in the hardware wallet itself.


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on November 07, 2020, 01:03:46 PM
Never received a "personal" notification from Ledger after the original hack... have not received any phishing emails or SMS messages recently (not even to my spam folder).

What I did receive was an email from Ledger with the subject heading "Ledger Security Alert: be cautious with phishing attempts", which (somewhat ironically) went to my spam folder ::) So, kudos to them for at least trying, I guess ::)


As a side note, to whomever it was considering legal action, unless you can prove "willful negligence", you're probably unlikely to succeed.


Title: Re: New Ledger phishing mail targets individual users
Post by: bL4nkcode on November 08, 2020, 06:07:13 PM
Quote
Never received a "personal" notification from Ledger after the original hack... have not received any phishing emails or SMS messages recently (not even to my spam folder).

What I did receive was an email from Ledger with the subject heading "Ledger Security Alert: be cautious with phishing attempts", which (somewhat ironically) went to my spam folder ::) So, kudos to them for at least trying, I guess ::)
Fortunately, had this the same, I tried to check my 2 emails used to purchase there since I purchased there more than 3 times but never received this phishing email, but I received an email in July regarding the e-commerce & marketing breach and this "Ledger Security Alert" just this Oct. though in spam both.


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on November 09, 2020, 01:03:25 PM
I am now hearing reports from people that say that Affiliate DB is also leaked!
One man reported that he used separate unique email for Ledger affiliate program, and he received phishing emails.
Marketing DB - leaked
e-commerce DB - leaked
Affiliate DB - leaked.
https://www.reddit.com/r/ledgerwallet/comments/jqiftv/this_is_unbelievable_a_new_ledger_leak_that_was/


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on November 09, 2020, 11:40:21 PM
Affiliate DB - allegedly leaked.
https://www.reddit.com/r/ledgerwallet/comments/jqiftv/this_is_unbelievable_a_new_ledger_leak_that_was/
As far as I can see, the company has not confirmed nor denied this... and I don't see any other users claiming that their affiliate info was leaked. Having said that, on the balance of probabilities, I'd say it was probably likely that it did happen, especially if all their systems were integrated :-\

Given that they have admitted the other data was leaked, I see no reason for Ledger to deny that the affiliate data was leaked if it did indeed happen. I would assume they are busy investigating this claim. Hopefully they can make a statement at some point in the (very) near future to clarify the status of this data, so users can be advised and take any necessary precautions.

I feel for the folks currently getting spammed with scam text message "alerts"... must be alarming receiving a text with your full name claiming you've sent a transaction that you didn't, with a link to a website registered in your local region! :o :o

This entire episode has been a complete PR disaster for Ledger... their (normally) overworked and "slow" support is now pretty much completely swamped with requests to delete personal data (which don't seem to be being actioned)... and this is all down to what Ledger are claiming was a "misconfigured, Third Party API key". Going to take them years (if at all) to regain the trust of a lot of users.


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on November 10, 2020, 10:04:48 AM
More reports across Reddit of users who either were supposedly not part of the 9,500 affected individuals from the previous data leak, or users who used unique email addresses for affiliation and marketing reasons, all getting targeted phishing emails. A little bit of digging also found this comment from a Ledger staff member:

Hello,

As soon as we discovered the data breach in July 2020, we patched it.

Since then, we lead two penetration tests with a third party consultancy to verify and improve the security of your data.

We did not encounter a new data breach since July.

As said in another post, two weeks ago, we've been made aware that some of our customers are being targeted by phishing attempts. Some of these customers were not part of the 9,500 individuals for whom we know that data other than email were also exposed, such as first and last name, postal address, phone number or ordered products. In the current state of our knowledge, It is not technically possible to state the exact scope of the leak of this detailed data.

Hope It helps.

So, in the absence of any evidence of a further data breach, it looks like the July data breach was much larger than they initially thought. It is more than a little concerning that they "cannot state the exact scope of the leak of this detailed data". They have no idea what has been breached.

Between the unpatchable Trezor vulnerability, and this extensive Ledger leak, I'm close to giving up on hardware wallets altogether. Most of my funds are on airgapped, encrypted, cold storage, but that just isn't an option for your average Joe, at least not until they've been involved in crypto for a while and understand the process and risks. What can we recommend for newbies that is more secure than a software wallet but still straightforward and easy to use?

And I'll repeat my advice regarding this kind of thing that I've said before: If you have given personal details, email addresses, name, telephone number, physical address, etc. to any crypto company, do yourself a favor and look at their Terms and Conditions and Privacy Policy and figure out how to request that they delete it.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on November 10, 2020, 10:33:07 AM
Quote
I feel for the folks currently getting spammed with scam text message "alerts"... must be alarming receiving a text with your full name claiming you've sent a transaction that you didn't, with a link to a website registered in your local region! :o :o
If the hackers have full names of Ledger users, I wonder why they didn't use full names when sending out those phishing emails. They used only the first name. When services like your bank or PayPal contacts you, they always address you with the full name.

Quote
What can we recommend for newbies that is more secure than a software wallet but still straightforward and easy to use?
I wouldn't give up on hardware wallets just yet. Sure, it sucks having your data leaked. I would recommend purchasing hardware wallets with crypto. At least that would prevent having your bank/card details leaked. Shipping it to your place of work instead of to your own home is also not bad. Buying a burner phone or secondary SIM card whose number you would use to pick up the package is also an option.   


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on November 10, 2020, 11:14:45 AM
Quote
I would recommend purchasing hardware wallets with crypto. At least that would prevent having your bank/card details leaked. Shipping it to your place of work instead of to your own home is also not bad. Buying a burner phone or secondary SIM card whose number you would use to pick up the package is also an option.
I have multiple hardware wallets (and some other bitcoin related products) from multiple companies. I purchased all of them using well-mixed bitcoin, with a disposable email address, a fake name, and shipped them to a drop off point where I picked them up from. I have zero concern about my details being leaked - indeed, I haven't even checked to see if the fake name and email I used with Ledger showed up in their breach (I think I could probably still find the log in to the email backed up on an external hard drive somewhere, but I certainly don't remember it having not used it for several years).

However, none of that is newbie friendly.

"Use disposable email addresses, create a fake identity, find a neutral shipping location you can pick up from, and make sure the bitcoin you buy with is anonymized" is not newbie friendly.
"Find an old computer, physically remove the WiFi card, keep it airgapped forever, format it, install Linux, encrypt the whole disk, install a wallet on it, and then export the xpub to create a watch only wallet" is not newbie friendly.

"Buy a hardware wallet and plug it in" is newbie friendly. "Download this piece of software" is newbie friendly. However, neither of those seem particularly secure any more.


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on November 10, 2020, 12:42:12 PM
Quote
I have multiple hardware wallets (and some other bitcoin related products) from multiple companies. I purchased all of them using well-mixed bitcoin, with a disposable email address, a fake name, and shipped them to a drop off point where I picked them up from. I have zero concern about my details being leaked - indeed, I haven't even checked to see if the fake name and email I used with Ledger showed up in their breach (I think I could probably still find the log in to the email backed up on an external hard drive somewhere, but I certainly don't remember it having not used it for several years).

However, none of that is newbie friendly.

I have done something similar to you, so it's almost impossible that someone connects me, or my address and phone number with my hardware wallet, but I am a privacy freak.

The majority of people who purchased a Ledger are newbies, and they just visited the website, registered and left their real name, real phone number and real address.
Now we see reddit and the internet blowing up with customer complaints and Ledger's reputation is ruined forever.
Maybe they will give wallets for free soon to attract new users :D

I will have to write a Guide - How to buy a Hardware Wallet the right way (https://bitcointalk.org/index.php?topic=5288201)


Title: Re: New Ledger phishing mail targets individual users
Post by: Coin-Keeper on November 10, 2020, 06:56:02 PM
I also received emails from "Ledger".  I didn't even buy anything and simply asked a few questions using one of my Tutamail accounts via TOR.   Those don't come back to me but sure enough those phishing emails were sent to me there.


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on November 10, 2020, 11:25:17 PM
I also received emails from "Ledger".  I didn't even buy anything and simply asked a few questions using one of my Tutamail accounts via TOR.   Those don't come back to me but sure enough those phishing emails were sent to me there.
That's expected... given that the "marketing" DB was leaked as well as the "customer" DB. If they had your email at any stage, you were likely on the "mailing list" :-\


So, in the absence of any evidence of a further data breach, it looks like the July data breach was much larger than they initially thought. It is more than a little concerning that they "cannot state the exact scope of the leak of this detailed data". They have no idea what has been breached.
This is probably the most disconcerting thing. They don't really appear to have any idea of what exactly was leaked. :-\


At least they finally seem to be starting to "get it":
...
We know we fucked up, we try to get it right for you.

Although, I doubt there is realistically much they can do to "get it right" for the affected users. The proverbial horse has bolted, so the data is out there... It's not like Ledger can "undo" this. :-\


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on November 11, 2020, 08:43:27 AM
At least they finally seem to be starting to "get it"
The comment two below that highlights my concerns from above though:

Some didn't receive that specific email because the logs we have in our possession show that 1M emails leaked plus 9500 more detailed personal info.

So they have no idea the full scope of the data breach. They can only prove that 9,500 customers had their full details leaked, but the flurry of reports of people being targeted by phishing messages who did not receive the email sent to those original 9,500 customers suggests that this number is actually far higher, but nobody knows how high. Their entire database could have been leaked for all we (or they) know.

This must be a real let down for the engineers and programmers working on the actual devices (which I still like), that some idiot who can't encrypt a database properly has ruined the entire company's reputation.


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on November 11, 2020, 02:08:16 PM
Although, I doubt there is realistically much they can do to "get it right" for the affected users. The proverbial horse has bolted, so the data is out there... It's not like Ledger can "undo" this. :-\

Ledger can only try to reduce the damage by trying to make the job of hackers as difficult as possible. In this regard, I received this e-mail today (and I assume that others will receive it as well). Now we can only wonder if it is just one hacker who has this database, or the database has already been sold and used by multiple individuals. One hacker, just one copy of the database, and one wrong step by that same hacker would be the ideal combination to get Ledger out (somewhat) of this situation.

Quote

Dear client,

Ledger users are under attack and targeted by a phishing scam (here is a link to understand the anatomy of a phishing attack).

Kraken Security Lab has done a great job at describing what’s going on and we appreciate their help in this matter :

https://blog.kraken.com/post/6746/ledger-phishing-scam-targets-crypto-hardware-wallet-users/

Today, we want to let you know that Ledger is fighting hard to defeat the scammers.

But we also want to let you know that we’ll be stronger together.

Help us #StopTheScammers

The two main ideas you should leave with after reading this post are :

    Never share your 24 words with anyone.
    Help us take the scammers websites down.

The best way to stop the scammers is to take their websites down as quickly as possible. Here's how you can help:

    Spread the word: talk to your friends and your communities and let them know that they must never share their 24 words with anyone under any circumstances, Ledger will never ask for their 24 words. No one should ever ask you for your 24 words… It’s something that you must absolutely keep for you.
    If you have received a phishing attempt or if you are aware of an illegal website, like the ones above, please report it to Google Safebrowsing. The more we report these illegal websites to Google, the more difficult it will be for scammers to deceive our Ledger users.
    If you have received a phishing attempt, you can file a complaint with your local criminal authority.

Phishing scams are one of the critical problems in cybercrime. The Ledger community will be better protected if we all work together.

When you find a scam, report it to the community: #StopTheScammers

We understand the stress and uncertainty these phishing attacks may be causing you. We want to assure you that our team is doing everything in our power to stop these attacks.

What is our team doing ?

    Members of our Donjon security team are continuously tracing the scammers' new website URLs, so that we can share the necessary technical information for the relevant authorities
    Managing and updating an on-going criminal complaint through the French Public Prosecutor to enable the police force to identify and prosecute those responsible.
    Subpoena requests have been sent in the US and in France to obtain from the internet intermediaries and communications operators full disclosure of the identity of the responsible.
    Reaching out to international cyberdefense organizations to bring the case to their knowledge. This is a way to increase the magnitude of this complaint by using these international cyberdefense organizations enormous and transnational capabilities.
    Our brand protection internal and external teams are reporting illegal websites to abuse contact of the registrars. Within the last few weeks, 87 websites have been reported and 42 shutdowns. Some registrars fail to be reactive which explains why websites are still active despite Ledger notifying them several times following the abuse procedure.
    Communicating with our customers and community, answering thousands of questions and updating users with new information as it is available through our support center, Twitter, Facebook, email, Reddit, etc.


We will be stronger together.

#StopTheScammers

Pascal Gauthier

CEO at Ledger


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on November 11, 2020, 02:18:47 PM
Now we can only wonder if it is just one hacker who has this database, or the database has already been sold and used by multiple individuals.
Has there been any evidence of the database being sold? I remember there was a supposed hack back in May, where details of both Ledger and Trezor customers were purportedly up for sale, but it turned out to be a fake. Conversely, I don't remember ever seeing anything suggesting this database has been put up for sale anywhere.

Having said all that, I also haven't seen a single report on here or on Reddit of a user falling victim to these phishing messages yet. Perhaps Ledger's preemptive emails have worked.


Title: Re: New Ledger phishing mail targets individual users
Post by: LeGaulois on November 11, 2020, 05:54:17 PM
@o_e_l_e_o

The person would be a bit dumb to resell it several times, at least right now. Competition is never good.
This is what they usually do once they have abused the database enough. Probably the person will start next to send emails about stupid airdrops and co.
Anyway, you will notice when more persons have the database when you get spam daily (or more spam than usual).

About people victims of this campaign. I saw a person who lost money with the trap, unfortunately. And the hacker collected over 100 BTC already

@Lucius

Thanks for posting. It will avoid people here saying Ledger's doing nothing  ::)


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on November 12, 2020, 10:44:27 AM
Now we can only wonder if it is just one hacker who has this database, or the database has already been sold and used by multiple individuals.
Has there been any evidence of the database being sold?
The only way to know is by checking underground onion sites and hacking forums where things like this are usually distributed and sold. Whoever has the data will not let the general public know. If I was interested in deep internet marketplaces, that's where I would check.   


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on November 12, 2020, 10:59:40 AM
Has there been any evidence of the database being sold?

So far there is no such evidence, and from what I have read Ledger is using the services of Orange Cyberdefense which tries to find any evidence that the database has been sold or is being sold on the black market.

Meanwhile, Ledger said France’s Data Protection Authority, the CNIL, was notified about the breach on July 16. The firm is also working with the Orange Cyberdefense (OCD) to find any evidence of the stolen data being sold online.

Having said all that, I also haven't seen a single report on here or on Reddit or a user falling victim to these phishing messages yet. Perhaps Ledger's preemptive emails have worked.

There are always those who will believe in anything, we all know that phishing has been an effective way before, and I have no doubt it is not even more effective when targeting users on a personal level. Of course, there are differences in that everything is not left to the users, and that Ledger is maximally involved in the whole thing. I think this is too big thing to stay at lower levels of investigation, and that sooner or later the person or persons behind this will be discovered.



@Lucius
Thanks for posting. It will avoid people here saying Ledger's doing nothing  ::)

You're welcome, but I doubt it will help that someone doesn't accuse us of being part of the Ledger gang ;)


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on November 13, 2020, 08:39:21 AM
Ledger is the worst crypto company I ever saw in my life and only novel writers here in their bubble support them after all we have seen.
This is how Ledger 'fixes' things, which in translation means doing nothing:

https://i.imgur.com/9ykTHqS.png

What you see here is one more stupid Ledger wallet app bug that shows unreal spikes in your portfolio at the beginning of each month.
Everyone including Ledger developers has been aware of this bug for several months and maybe even a year, but they keep ignoring it and delaying the fix.
This is how they (not) fix everything in Ledger...  ::)

I am not using the Ledger app all the time, but when I need to update I always look at these spikes  :D

Let's see how 'effective' Ledger is:

Quote
Ledger database compromised ?
Before you down-vote me into oblivion please read carefully.

After reading all this security chaos I decided to email ledger about deleting my personal information.(yesterday)
I did not make any purchases or had any type of contact with ledger for over 2 years now and the email I used for previous purchases I used ONLY for ledger.com
I should mention that I was not affected from the previous ledger data leaks.

In anticipation of having a reply from ledger about my personal information, today I logged in to this email and received so far 2 scam messages.

Which leads me to believe their entire database right now is compromised. I never got a reply from ledger and from what I read around here I should not expect any.

Take care.
https://www.reddit.com/r/ledgerwallet/comments/jt04h8/ledger_database_compromised/
archive: https://archive.vn/N8ERi


Quote
Is moving home the only way to feel sort of safe again after Ledger leaked my home address to criminals?
I’m serious, I am worried for my family's well-being. I look online at home security devices and best legal weapons to keep at home. This hack has screwed with me mentally and I want to be compensated. Is there a lawyer already on the case?
https://www.reddit.com/r/ledgerwallet/comments/jt4jew/is_moving_home_the_only_way_to_feel_sort_of_safe/
archive: https://archive.vn/3Mz1H

Quote
Never got notified of Ledger security breach
I bought a ledger in May. I then got a phishing text Sunday which I knew was a scam, and then an email today from Ledger warning about phishing attacks.

Researching this today I see that this breach occurred months ago and I read their statement about how they were notifying everyone and doing many steps to make their systems more secure.

I was clearly in the batch of the lucky 9,000 (not sure I even trust that number now) who had not just their email but all their contact details leak and yet got notification.

Right now my confidence in ledger is at a zero, considering they couldn’t even handle notifications correctly after a security breach.
https://www.reddit.com/r/ledgerwallet/comments/jsalq8/never_got_notified_of_ledger_security_breach/
archive: https://archive.vn/fZM5F

Quote
Compensation in EU

In EU, the GDPR gives a right to claim compensation from an organisation if you have suffered damage as a result of it breaking data protection law, which includes breaches. This does require the person to have suffered “material damage” (e.g. you have lost money) or “non-material damage” (e.g. you have suffered distress).

I've been getting phishing messages from fake 'Ledger' numbers, using my real name and phone number, so I am assuming that they know my personal address as well and this is a pretty big deal, since now I have to worry that someone can physically rob me, knowing I have a Ledger, which is obviously causing 'non-material damage', e.g. distress.

According to ICO (https://ico.org.uk/your-data-matters/data-protection-and-journalism/taking-your-case-to-court-and-claiming-compensation/), before taking the case into court, you can agree for compensation with the company, and I was wondering if anyone has spoken to Ledger about this yet?

I am genuinely considering going to court with this though, to be honest.
https://www.reddit.com/r/ledgerwallet/comments/js6o9n/compensation_in_eu/
archive: https://archive.vn/PK0xB


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on November 13, 2020, 11:08:42 AM
@dkbit98
They have caused a huge shitstorm, and one that they will have a very hard time to recover from. If the first user you quoted is telling the truth, it means that their database is being leaked even now as we speak. How else can you explain that the user has not received any phishing messages in the past, and was originally not affected by the leak, until he emailed them? Only then he started receiving phishing messages.

It can be either a huge coincidence and that his details were leaked together with the other users in the July hack, and the hackers only now found the time to contact him, or his info was leaked after he sent that email a few days ago.


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on November 27, 2020, 06:09:31 AM
How many people here got that phishing email?  I checked my email and don't see it.  So it affects one percent of the nano ledger users database?


Also in an article it was said that this phishing led to many users losing their crypto... especially ripple.  Can someone explain this?  So the phishing email tricked users into downloading a fake ledger live or was it some other program?  Then how did users lose their ripple then which I heard was the main coin that was lost here?  Am I assuming those users typed their ledger seed into the software?


Because since nano ledger is a hardware wallet, even if your computer is compromised as in virus/malware/keylogging, isn't the seed, as long as it's not typed in the computer somewhere, still safe?


Title: Re: New Ledger phishing mail targets individual users
Post by: bob123 on November 27, 2020, 12:07:03 PM
How many people here got that phishing email?  I checked my email and don't see it.  So it affects one percent of the nano ledger users database?

We don't have exact numbers.
But it seems like a not too small percentage is affected.

I, personally, didn't receive any mail either.



Also in an article it was said that this phishing led to many users losing their crypto... especially ripple.  Can someone explain this?  So the phishing email tricked users into downloading a fake ledger live or was it some other program?  Then how did users lose their ripple then which I heard was the main coin that was lost here?  Am I assuming those users typed their ledger seed into the software?

Possible.
Basically, they either downloaded malware which asked them to enter the mnemonic code or created a transaction which the user blindly accepted (for whatever reason) or they entered the mnemonic code somewhere online.



Because since nano ledger is a hardware wallet, even if your computer is compromised as in virus/malware/keylogging, isn't the seed, as long as it's not typed in the computer somewhere, still safe?

Yes, that's correct.
If you follow the basic guidelines (e.g. not typing your mnemonic into malware), you are fine.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on November 27, 2020, 12:11:02 PM
@jerry0
The mails might have gotten into your spam folder. Unless you check it regularly, they get deleted after a week or two, depending on the client.
It is just a coincidence that users lost XRP. That coin is surely not targeted for some reason.
Yes, users received a link telling them to download a new version of the software. Once installed, it asked users to enter their 24-word seeds. Those who did, sent their seed to the hackers.

Your seed and private keys are kept on your hardware wallet, even if your computer is compromised. Nobody can access assets on a crypto wallet remotely because they need to confirm transactions by pressing the buttons on the hardware device. This can only be done by the person in possession of the wallet, not via the Internet.


Title: Re: New Ledger phishing mail targets individual users
Post by: bob123 on November 27, 2020, 12:26:37 PM
It is just a coincidence that users lost XRP. That coin is surely not targeted for some reason.
Yes, users received a link telling them to download a new version of the software. Once installed, it asked users to enter their 24-word seeds. Those who did, sent their seed to the hackers.


The attack:
  • A phishing mail targeting badly informed users to retrieve a hardware wallet mnemonic code.
The targeted Coin:
  • A coin which is a fully centralized shitcoin no sane and informed person would buy.


There might be some correlation  ;D


Title: Re: New Ledger phishing mail targets individual users
Post by: LTU_btc on November 28, 2020, 07:24:29 PM
A few days ago I also got almost the same email. The only difference from the message in the OP is that the sender address is legdersupport.com and the number of customers is changed from 85 000 to 81 000. I almost immediately realised that something is wrong with this message because it was in my spam folder, while usually messages from Ledger are shown in my main folder.
Anyway, it's a very typical phishing attack, not the primitive one, but not the most sophisticated. The only difference is that they used the database from Ledger to send these emails, while usually such data is collected from other sources, like phishing websites, sold email databases and etc.


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on November 29, 2020, 11:43:46 AM
Few days ago I also got almost same email.

I haven't received anything (email or SMS) yet, but even if that happens we all know that the danger exists only for those unfamiliar with the basics. I don't think most users will even see such e-mails because, as in your case, they usually end up in a spam folder - and when it comes to text messages, most smartphones have the option to block calls or messages from unknown numbers - which is not only useful in this case, but generally if you receive a lot of SMS spam.



Recently there was news that as many as 23 600 (https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/) databases were publicly available for several hours to download, so although it is not directly related to Ledger hack - check your accounts and change passwords if necessary.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on November 29, 2020, 07:45:06 PM
New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

This is how it looks:
https://i.imgur.com/LwRt23i.png 


Title: Re: New Ledger phishing mail targets individual users
Post by: bob123 on November 30, 2020, 11:00:57 AM
~snip~

Wow.. people have to be extremely uninformed to fall for something like that.. @ledger.com-e8-encryption-s24.email-n2-alert.app.. really?  ;D

People who still think there are "ledger accounts" with a hardware wallet.. are lost.
They will get compromised. Maybe not with this phishing mail, maybe not with the next.. but with some other in the future..


Title: Re: New Ledger phishing mail targets individual users
Post by: btcwish1 on November 30, 2020, 01:28:08 PM
New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

This is how it looks:
https://i.imgur.com/LwRt23i.png 

Yes I got this email as well.

I am worried that some hardware wallet newbies may fall for this type of email. I have seen a lot of phishing emails before from different companies but these ledger phishing emails really do look like the original!


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on November 30, 2020, 01:36:42 PM
Is there even something that resembles device authorization in the account settings on Ledger Live? I don't have access to the PC I have Ledger Live installed on at the moment so I can't check. I know Ledger is compatible with the Fido U2F app. Maybe they are asking users to disable login access to other devices. I haven't used the U2F app so not sure how it works.


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on November 30, 2020, 01:49:42 PM
https://i.imgur.com/wEHINZU.gif

I am reading one 'nice' thank you letter from one of the ledger customers on reddit:

Quote
Thank you Ledger
Since the loss of personal data by Ledger this summer, I have received numerous emails trying to gain access to my ledger.

Couple of days ago, I first got a text claiming a breach of the ledger and an additional link. Which makes it very clear where this data came from... I've seen a post with the same text on this page before.

I would like to take this opportunity to thank the Ledger team for taking good care of the personal data that they receive, especially since they operate in such a sensitive market (finance) and the fact that they informed numerous malicious actors that I have a ledger and probably some crypto, and my email, phone number and possibly home address.

Hey at least I got some sort of apology I guess.

Thank you Ledger.
https://www.reddit.com/r/ledgerwallet/comments/k3vp08/thank_you_ledger/

Quote
Hackers are now sending google maps link of your home address! 👀 to scare more people


New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

I expect to see more attempts like this from hackers to pair growing discounts from ledger.
They need new customer data as soon as possible.


Title: Re: New Ledger phishing mail targets individual users
Post by: btcwish1 on December 04, 2020, 01:49:03 PM
Yet another phishing email today. It is just not stopping:




Title: Re: New Ledger phishing mail targets individual users
Post by: ETFbitcoin on December 05, 2020, 12:19:55 PM
Is there even something that resembles device authorization in the account settings on Ledger Live? I don't have access to the PC I have Ledger Live installed on at the moment so I can't check. I know Ledger is compatible with the Fido U2F app. Maybe they are asking users to disable login access to other devices. I haven't used the U2F app so not sure how it works.

No, but it sounds convincing for people who don't know/remember how ledger hardware wallet/ledger live works.

Yet another phishing email today. it is just not stopping:

--snip--

Your screenshot exposes your own email address, remove it if you don't want more spam.


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 06, 2020, 12:01:09 AM
My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on December 06, 2020, 12:03:17 PM
My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

Haven't you heard? New Ledger devices will come with a camera for face ID and a fingerprint scanner for fingerprint ID too!




Shouldn't have joked about that; now I have received that same SMS....

Funny thing is it's been sent by KYC, not by LEDGER (like the previous one)


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 06, 2020, 01:37:50 PM
Haven't you heard? New Ledger devices will come with a camera for face ID and a fingerprint scanner for fingerprint ID too!

I thought the device itself is a disguised anal probe so I got very excited... alas, they just wanted me to tap a very legit-looking link like ledger.com-send-us-all-your-personal-data-and-perhaps-your-seed-too-123456.app
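
The sender and link names quoted in this thread all abuse the brand name in a host that is not Ledger's. The following is an added example, not part of any post and not Ledger's code: a Python check that extracts the host from a sender address or link and explains why it is not official. It assumes `ledger.com` is the only official domain; the function names and verdict labels are hypothetical, and the sample strings are spelled as they appear in the thread.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"ledger.com"}   # assumption: allowlist kept by the defender
BRAND = "ledger"

def host_of(value):
    """Return the lowercase host of a URL, an e-mail address or a bare host."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    elif "@" in value:
        host = value.rpartition("@")[2].strip("<> ")
    else:
        host = value.split("/")[0]
    return host.lower().rstrip(".")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(value):
    """Return (verdict, host). Only 'official' should ever be trusted."""
    host = host_of(value)
    # A host is official only if it IS the domain or ends with ".<domain>".
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official", host
    # "ledger.com-something.app": the official name is only text inside a
    # label of a different registered domain.
    if any(domain in host for domain in OFFICIAL_DOMAINS):
        return "embedded-official-domain", host
    tokens = [t for t in re.split(r"[.-]", host) if t]
    if any(BRAND in t for t in tokens):
        return "brand-in-other-domain", host
    # Heuristic: a brand-length window one edit away from the brand catches
    # substitutions and swapped letters. It can misfire on ordinary words,
    # so treat the result as a reason to review, not as proof.
    n = len(BRAND)
    for t in tokens:
        for k in range(len(t) - n + 1):
            if osa_distance(t[k:k + n], BRAND) <= 1:
                return "typosquat", host
    return "unrelated", host

# Strings quoted in the thread, plus two constructed controls.
SAMPLES = [
    "https://www.ledger.com/start",                      # constructed control
    "info@ledgersupport.io",
    "legdersupport.com",
    "@ledger.com-e8-encryption-s24.email-n2-alert.app",
    "ledger.com-send-us-all-your-personal-data-and-perhaps-your-seed-too-123456.app",
    "https://bitcointalk.org/index.php",                 # constructed control
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, host = classify(sample)
        print(f"{verdict:26} {host}")
```

The suffix comparison is the part that matters: a host counts as official only when the allowlisted domain is its rightmost part, which is why a name that merely begins with `ledger.com-` fails.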


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on December 06, 2020, 02:28:32 PM
My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

They asked politely.
Your best solution for this 'KYC' is to change your phone number, and maybe change your name and address if there is some special witness protection program :)

Check out this recent comment on reddit, that makes me think how (not) secure their system still is, and maybe all this hack stuff was some inside job:

Quote
Hello, first time poster but I think this might be relevant.

I first bought a ledger nano s about two years ago and was probably not among the people that had their data leaked this summer as I never received spam/phishing messages (neither by email nor sms).

Last week, during black friday I decided to pick up another ledger as backup. I took some precautions such as using an alternative email and old phone number that I barely use.

The info is completely different from the first time I bought a ledger (even the address and payment method was different).

Today, I checked for the shipping tracking on the email used specifically for the purchase. In the spam folder, I noticed there was that scammy ledger message ("download the update here"). Obviously, I immediately deleted the message.

If scammers had access to my email, it means that ledger must still be leaking data as they didn't have this specific info 7 days ago.

Can Ledger please confirm this? It would be nice to know if our private data continues to be handled poorly.

Quote
You are not the first to claim real time data leaks. This is insane! They are too busy moderating this subreddit of legitimate privacy concerns than to handle shit on their end to make sure these leaks aren't occurring. Wtf do they even use for their e-commerce?? They need to be made aware of this asap as they are equally responsible.
https://www.reddit.com/r/ledgerwallet/comments/k7t6wy/is_ledger_still_leaking_data/

I will do my own testing to confirm this with new temp email.


Title: Re: New Ledger phishing mail targets individual users
Post by: LTU_btc on December 06, 2020, 11:15:21 PM
New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.
This is how it looks:
https://i.imgur.com/LwRt23i.png
I also got a similar message recently with a few differences, now they used a French IP address. Yeah, it redirects to Google Docs, where a link to a website which claims to be Ledger.com is uploaded. But actually, it's a half-broken phishing website with most of the links not working.
BTW, I'm not sure that this email is related to the database from Ledger. It might be just another common phishing email that we get almost daily from all kinds of websites.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on December 07, 2020, 10:09:12 AM
I will do my own testing to confirm this with new temp email.
I was curious about the same thing so I already did this two days ago.

I created a new email address and I signed up to their affiliate program on the main website. I also signed up to their newsletter. I placed a Ledger device in the shopping cart and entered my email address. I didn't finalize the purchase but the email address was added and TOS accepted, etc. Now I am waiting to see if any phishing mails will arrive.

I just checked the email address and there was only 1 new email sent from their Newsletter department telling me about the Ledger Academy, Ledger Blog, etc. No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on December 07, 2020, 12:21:15 PM
I created a new email address and I signed up to their affiliate program on the main website. I also signed up to their newsletter. I placed a Ledger device in the shopping cart and entered my email address. I didn't finalize the purchase but the email address was added and TOS accepted, etc. Now I am waiting to see if any phishing mails will arrive.

I did the same thing because I don't fully trust what other people say or write and I like to confirm for myself.

Now I am just waiting to see if hackers will send me something to play with or not.


Title: Re: New Ledger phishing mail targets individual users
Post by: bob123 on December 08, 2020, 09:30:50 AM
No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

That's to be expected.

To be honest.. if there would be an ongoing leak a.k.a. the attacker still has control over their systems, Ledger would have proven to be the worst company in terms of customer data protection.

I really can't imagine that their servers are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..


Title: Re: New Ledger phishing mail targets individual users
Post by: Stalker22 on December 08, 2020, 08:13:44 PM
No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

That's to be expected.

To be honest.. if there would be an ongoing leak a.k.a. the attacker still has control over their systems, Ledger would have proven to be the worst company in terms of customer data protection.

I really can't imagine that their servers are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..


I guess there's always the possibility of something being overlooked (the baddies are always so ingenious), for example: man-in-the-middle attack or even some sort of 'inside job'. As in the recent twitter case.
They may not even know they are leaking data. Purely speculation on my part, of course...



Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on December 08, 2020, 09:34:35 PM
If you read the reddit threads, the Ledger staff claim that in every single case where someone has provided the appropriate details to them (ie. email address or phone number that received the phishing message), they have been able to identify that the data was already provided to them prior to the initial hack (ie. the person had already signed up for a newsletter or purchased a device using those details in the past).

It really is a "he said/she said" type situation... users claiming they received nothing until they purchased a black friday deal, then they magically start receiving messages... Ledger claiming there is no "ongoing" or "new" leak.

Having said that... I haven't purchased anything from them in over 3 years. Never received any messages/texts after the initial hack back in July/August etc... until I received the latest "We are sorry to tell you that due to the new KYC regulations, your hardware device has been deactivated." message 2 days ago. It wasn't even personally addressed, it just said: "Dear <my.email @address.com>"... so I'm not even sure if it was from the Ledger leak, or is just a semi-targeted campaign using details from one of the many crypto service hacks :-\


Personally, I think the users saying "I got this message after buying on Black Friday" is just a timing coincidence... but that still doesn't change the fact that Ledger fucked up originally and haven't done a great job of handling it. :-\


Title: Re: New Ledger phishing mail targets individual users
Post by: Coin-Keeper on December 08, 2020, 10:26:32 PM
I was the proud receiver of this last round of emails too.  Thankfully it's a throwaway email on tutanota.


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on December 09, 2020, 09:43:47 AM
Never received any messages/texts after the initial hack back in July/August etc... until I received the latest "We are sorry to tell you that due to the new KYC regulations, your hardware device has been deactivated." message 2 days ago.

I also received the first such message in an email a few days ago, but it was in a spam folder. The message itself is really a real joke, of course only for those who know that HW cannot be deactivated in the way someone is trying to present it.

Personally, I think the users saying "I got this message after buying on Black Friday" is just a timing coincidence... but that still doesn't change the fact that Ledger fucked up originally and haven't done a great job of handling it. :-\

There is no doubt that a company like this should not have allowed itself something like this, but when the hacking of the database happened, what could have been done better than what Ledger (https://bitcointalk.org/index.php?topic=5284407.msg55569205#msg55569205) is currently doing? What exactly would you do if you were in such a situation?


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on December 09, 2020, 10:48:33 AM
I really can't imagine that their servers are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..
I don't think there are either. However, dkbit98 did share that reddit post (https://bitcointalk.org/index.php?topic=5284407.msg55766583#msg55766583) where a user claims that he received a phishing email after purchasing one of their devices. But if the reddit user hasn't posted any proof to support his claims, the chance that he is lying and trying to take a swing at Ledger while they are down is equally possible.

I received the latest "We are sorry to tell you that due to the new KYC regulations, your hardware device has been deactivated." message 2 days ago. It wasn't even personally addressed, it just said: "Dear <my.email @address.com>"... so I'm not even sure if it was from the Ledger leak, or is just a semi-targeted campaign using details from one of the many crypto service hacks :-\
I don't think it is related to the original leak. I received that device deactivated email as well, twice, on an email address not even remotely connected to the email used to purchase my Ledger device. It went into spam both times. I guess the senders just have a huge database of email addresses they have gotten their hands on.   


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on December 10, 2020, 04:15:56 AM
I received this email as well but it went to my spam folder.  So most users thus received this email then?


So what happens if you click on the link on the email?  Is it malware/virus/keylogger?


Or does it ask you for your seed? 


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on December 10, 2020, 10:30:40 AM
~snip~

It is mostly about trying to get someone to put their seed on a phishing site, but it is possible that this could infect your computer with a virus/malware. For you and most average users there is no point in clicking on a link, let’s leave that for those trying to locate hackers and prevent them from continuing with this dirty campaign.


Title: Re: New Ledger phishing mail targets individual users
Post by: bob123 on December 10, 2020, 03:32:17 PM
I don't think there are either. However, dkbit98 did share that reddit post (https://bitcointalk.org/index.php?topic=5284407.msg55766583#msg55766583) where a user claims that he received a phishing email after purchasing one of their devices.

Reddit users are... inexperienced to say the least.
Most of the people commenting there on crypto subs literally have not a single clue. These are the people who fall for phishing mails.

Just because some people on reddit claim something, this doesn't make it true. In fact, you should always assume that those people made the mistake themselves.



I guess there's always the possibility of something being overlooked (the baddies are always so ingenious), for example: man-in-the-middle attack or even some sort of 'inside job'. As in the recent twitter case.
They may not even know they are leaking data. Purely speculation on my part, of course...

A MITM is not related to that and wouldn't have any influence.

Whether it is an inside job or not, you do know when you are leaking data.
It's not something which "just happens" without being noticeable. There is enough evidence and there are definitely enough traces to see that data has been leaked and how it has been leaked.


Title: Re: New Ledger phishing mail targets individual users
Post by: ETFbitcoin on December 11, 2020, 11:20:29 AM
I just checked the throwaway email account and found out I also received a few similar spam emails. Additionally, I also received a few classic "send X coin and you'll earn 2X" spam emails, while the throwaway email never got any spam before the Ledger server was hacked.

I received this email as well but it went to my spam folder.  So most users thus received this email then?


So what happens if you click on the link on the email?  Is it malware/virus/keylogger?


Or does it ask you for your seed? 

Aside from what @Lucius said, it's possible they use a unique link for each receiver, which means they'll know that you opened the email and opened the link. They could also log your IP and browser fingerprint.


Title: Re: New Ledger phishing mail targets individual users
Post by: btcwish1 on December 12, 2020, 05:35:00 PM
Another phishing email today. It is just not stopping. I am worried about one thing. I didn't receive email about 'ledger live' before and I never used ledger live either.

But recently I installed ledger live and used ledger live.  Now I am getting phishing email about ledger live!!

https://i.imgur.com/pxFYGk8.jpg

https://i.imgur.com/3HdmQRk.jpg


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on December 12, 2020, 07:14:04 PM
Another phishing email today. It is just not stopping. I am worried about one thing. I didn't receive email about 'ledger live' before and I never used ledger live either.

But recently I installed ledger live and used ledger live.  Now I am getting phishing email about ledger live!!
It's most likely just a coincidence... a lot of people are receiving this "new" email.

Refer:
https://www.reddit.com/r/ledgerwallet/comments/kbtyix/data_breach_email/
https://www.reddit.com/r/ledgerwallet/comments/kbt4fv/so_wheres_the_attack_vector_in_this_email_theres/
https://www.reddit.com/r/ledgerwallet/comments/kbtpmq/ledger_data_breach/

And have a read of this: https://www.bleepingcomputer.com/news/security/fake-data-breach-alerts-used-to-steal-ledger-cryptocurrency-wallets/


Title: Re: New Ledger phishing mail targets individual users
Post by: aesma on December 12, 2020, 11:54:42 PM
btcwish1 : I've been using Ledger live for years and I just got the email too, for the first time. I must say it's well done, but not enough to convince me to change my PIN or whatever, I understand how the security of the Ledger works, and I also know there is no association between my email and my wallet.

It will definitely work on some people, I fear.

edit : and I didn't buy a Ledger since that one time years ago.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on December 14, 2020, 02:16:59 PM
It has been 9 days since I created a brand new email address, registered for the Ledger newsletter, signed up to their Affiliate program, and entered my email address in their shopping cart as part of an uncompleted purchase. I have not received a single phishing email to the brand new account. If the data was still being leaked, I think someone would have tried something by now and I would have received a phishing email.

@dkbit98
What about you? Have you received any bogus emails?

@btcwish1
My friend, who my Ledger device was shipped to, received phishing mails, and I received some on email accounts that are not connected to Ledger at all. Who knows how these people operate and what kind of databases they have gotten their hands on. 


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on December 14, 2020, 03:03:35 PM
What about you? Have you received any bogus emails?

Nothing received yet on new email I created, but it is interesting that I didn't receive any legit email from Ledger also, even if I am subscribed to their newsletter, so maybe they shut it down totally I don't know  :D

I do keep getting daily scam messages on my old email address, some of them go directly to spam folder, but they always create new address that shows up in my inbox.
I reported recently in scam accusations that these scammers are from the Ukraine/Russia region.


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 14, 2020, 03:18:36 PM
My friend, who my Ledger device was shipped to, received phishing mails, and I received some on email accounts that are not connected to Ledger at all. Who knows how these people operate and what kind of databases they have gotten their hands on. 

"they" might have cross-referenced the Ledger list with some other lists to farm more related contact info, or sold the list to someone else who did it. I went through my spam folder and found at least one Ledger phishing e-mail received at an address that I never gave to Ledger but it still refers to me by name. It is possible that some other unrelated leak somewhere contained my name and e-mail too but that's a hell of a coincidence that it got a Ledger-themed e-mail and not the usual genitalia enlargement promotions.

Given that every fucking scammer knows "here is an address of a person who might have a decent amount of crypto because they bought a hardware wallet" it's just a matter of time before they start targeting family members.


Title: Re: New Ledger phishing mail targets individual users
Post by: LTU_btc on December 14, 2020, 08:14:59 PM
Nothing received yet on new email I created, but it is interesting that I didn't receive any legit email from Ledger also, even if I am subscribed to their newsletter, so maybe they shut it down totally I don't know  :D
Nope, I'm still getting legit emails from Ledger. I got it on 7th, 12th December and another one just 10 minutes ago. So, it's a bit strange that you haven't got anything.
Also, recently I haven't got phishing Ledger emails, just some Blockchain.con and PayPal scams. But probably it's only matter of time.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on December 15, 2020, 08:42:54 AM
Nothing received yet on new email I created, but it is interesting that I didn't receive any legit email from Ledger also, even if I am subscribed to their newsletter, so maybe they shut it down totally I don't know
They are still sending out those newsletters. I got my first one the day after I created my new email and registered for their newsletter. Maybe it is sent once a month or twice, and it just happened that I signed up the day before it was scheduled to be sent anyway.

https://i.imgur.com/ShgYqMY.png

...it's just a matter of time before they start targeting family members.
I would find that more troublesome than getting them myself.


Title: Re: New Ledger phishing mail targets individual users
Post by: ETFbitcoin on December 15, 2020, 11:47:30 AM
Given that every fucking scammer knows "here is an address of a person who might have a decent amount of crypto because they bought a hardware wallet" it's just a matter of time before they start targeting family members.

One can only hope their family members use an email provider with a good spam filter and don't fall for such scams easily.

Nothing received yet on new email I created, but it is interesting that I didn't receive any legit email from Ledger also, even if I am subscribed to their newsletter, so maybe they shut it down totally I don't know
They are still sending out those newsletters. I got my first one the day after I created my new email and registered for their newsletter. Maybe it is sent once a month or twice, and it just happened that I signed up the day before it was scheduled to be sent anyway.

On most email newsletters, you can choose what kind of newsletter you want to receive (e.g. tips, new updates or just important news).
It's possible you either didn't opt in or intentionally opted out from a specific newsletter, I don't know whether the Ledger newsletter is opt-in/opt-out by default though.


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on December 15, 2020, 11:56:48 AM
Again I see people who recently purchased a Ledger getting these phishing emails and SMS from scammers.
Here is the latest example from a guy who purchased a Ledger just two weeks ago:
Quote
I just bought the Ledger two weeks ago. Now I am receiving a bunch of phishing emails I never got before from senders posing to be from Ledger.
I know there was a database breach a long time ago, but I just bought the Ledger X. Is there an inside employee leaking these emails? How can my email have been compromised within two weeks?
https://www.reddit.com/r/ledgerwallet/comments/kd6kbs/i_just_bought_the_ledger_two_weeks_ago_now_i_am/

And there are numerous reports of Ledger not properly addressing tax, so people need to pay double taxes when they receive their wallet package.
What a joke   :D

Given that every fucking scammer knows "here is an address of a person who might have a decent amount of crypto because they bought a hardware wallet" it's just a matter of time before they start targeting family members.
Exactly, and they can sell all customer data to any local criminals and gangster if they want.


Title: Re: New Ledger phishing mail targets individual users
Post by: aesma on December 16, 2020, 01:21:22 AM
When you buy from a foreign country, outside of a trading block, duties are always tricky. I buy tons of cheap stuff on aliexpress and clearly nobody pays the taxes, it's just a game with the customs officer, sometimes you're caught and you pay.

A ledger being small they might go through fine most of the time.


Title: Re: New Ledger phishing mail targets individual users
Post by: LTU_btc on December 16, 2020, 09:22:44 PM
When you buy from a foreign country, outside of a trading block, duties are always tricky. I buy tons of cheap stuff on aliexpress and clearly nobody pays the taxes, it's just a game with the customs officer, sometimes you're caught and you pay.

A ledger being small they might go through fine most of the time.
Can you tell how phishing emails and taxes for goods are related?
Anyway, I think it's correct to compare Aliexpress and Ledger. When you buy from Ledger store, VAT is already added into final price. It depends on every seller what price they show on goods declaration and also it depends on customs of each country.
By the way, at least in Europe it won't be that easy to buy goods from China without paying taxes. From 2021, we will have to pay VAT for all goods from China, there will be no more exceptions for stuff which costs less than €22. Sorry if it's slightly off-topic :D.


Title: Re: New Ledger phishing mail targets individual users
Post by: btcwish1 on December 20, 2020, 01:46:20 PM
Yet again another phishing email. This time in the name of new KYC rules!! >:(

https://i.imgur.com/RX39MfK.jpg


Title: Re: New Ledger phishing mail targets individual users
Post by: aesma on December 20, 2020, 06:46:35 PM
When you buy from a foreign country, outside of a trading block, duties are always tricky. I buy tons of cheap stuff on aliexpress and clearly nobody pays the taxes, it's just a game with the customs officer, sometimes you're caught and you pay.

A ledger being small they might go through fine most of the time.
Can you tell how phishing emails and taxes for goods are related?
Anyway, I think it's correct to compare Aliexpress and Ledger. When you buy from Ledger store, VAT is already added into final price. It depends on every seller what price they show on goods declaration and also it depends on customs of each country.
By the way, at least in Europe it won't be that easy to buy goods from China without paying taxes. From 2021, we will have to pay VAT for all goods from China, there will be no more exceptions for stuff which costs less than €22. Sorry if it's slightly off-topic :D.

dkbit98 just above my post was adding another accusation against Ledger, that they mess up with the taxes.  I'm French so when I ordered my Ledger through their website, there was really no customs involved (it's a French company).

Yet again another phishing email. This time in the name of new KYC rules!! >:(

https://i.imgur.com/RX39MfK.jpg

You really need to not understand what it is you have bought to fall for that one.


Title: Re: New Ledger phishing mail targets individual users
Post by: FatFork on December 21, 2020, 08:43:02 AM
Looks like we can expect a new stream of Ledger phishing emails.
The stolen database has become available for free on 'RaidForums'. Ledger confirmed.

https://i.ibb.co/YBXw72z/Screenshot-2020-12-21-Ledger-on-Twitter.png


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on December 21, 2020, 08:46:55 AM
Now we see the truth what happened with hacked ledger database and one million customer information ending up on raidforums.
We can see that emails have attached names, physical addresses, phone numbers and a number assigned to them.

Quote
272.853 orders with full info details (Email, Addresses, Phone Number)
1.075.382 emails subscribed to newsletter

Now we see that ledger lied about real numbers of leaked customer data with full info.... real numbers are much much higher.

Better check if your email address is pwned and change it, oh and never trust ledger again:
https://haveibeenpwned.com/


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on December 21, 2020, 11:45:11 AM
Better check if your email address is pwned and change it, oh and never trust ledger again:

There is no need for any checks, everyone who has ever bought something from Ledger or left their e-mail address in any way is in that database - and all that information is now public, it’s just a matter of who suffered more damage because in addition to e-mail, all other data was leaked. Changing email means absolutely nothing, at least not for those who know how to recognize spam.


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on December 21, 2020, 11:55:52 AM
Yup, this is horrendous. The leak of 9,500 addresses was bad enough. The leak of 272 thousand addresses is horrendous. But that isn't even the worst thing. Ledger either lied and covered up the size of this leak, despite endless customer reports to the contrary, or were genuinely unaware of what data had been accessed, and this lasted for months. Either is inexcusable and unforgivable. There is zero trust left with Ledger.

I'm done with hardware wallets. I was done with Trezor after their critical vulnerability which they don't even warn new users about, and now I'm done with Ledger since they can't be trusted to be either competent, honest, or both. I am completely unaffected by this hack thanks to fake credentials, but I refuse to use my Ledger devices any longer. I'll be moving everything off them and in to airgapped cold storage as soon as the mempool empties.

Lots of reports on Reddit of people receiving ransom emails with their real name and address, and demanding payment to not be physically attacked. Horrendous.



As I've said before, if you have given your real name and address to any crypto company, now is a good time to contact them and request that they delete all of your information. Check their Terms of Service and Privacy Policy for how to go about doing so.


Title: Re: New Ledger phishing mail targets individual users
Post by: FatFork on December 21, 2020, 12:39:05 PM
Lots of reports on Reddit of people receiving ransom emails with their real name and address, and demanding payment to not be physically attacked. Horrendous.

This is really disturbing. I can't even imagine how these people are feeling right now.


Title: Re: New Ledger phishing mail targets individual users
Post by: ETFbitcoin on December 21, 2020, 12:52:50 PM
Now we see the truth what happened with hacked ledger database and one million customer information ending up on raidforums.
We can see that emails have attached names, physical addresses, phone numbers and a number assigned to them.

It also contain city, district/province and zip code, which could be used in case there's small typo on your address.

Quote
272.853 orders with full info details (Email, Addresses, Phone Number)
1.075.382 emails subscribed to newsletter

Now we see that ledger lied about real numbers of leaked customer data with full info.... real numbers are much much higher.

I can understand if the number is slightly higher than the reported number, but 28 times over the reported number is horrendous. Ledger shot themselves in the foot this time.

Better check if your email address is pwned and change it, oh and never trust ledger again:
https://haveibeenpwned.com/

Or download the dump file from https://intelx.io/?did=8761746e-d333-4256-bbcd-9100c8722799 (https://intelx.io/?did=8761746e-d333-4256-bbcd-9100c8722799) since it's plain text and the size roughly only 50MB.
People who bought Ledger HW wallet definitely should check the dump file.


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on December 21, 2020, 01:02:33 PM
28 times over the reported number, Ledger shot themselves in the foot this time.

When I told all the ledger shillers here that ledger team lies about 9500 number of full leak data, they told me I was wrong and to just trust the ledger. I don't see them now maybe because they got back into their small holes and hide.

Btw I think this download file you provided contains only emails and I can't find my email address there, but just to be safe I will probably change addresses I use.
EDIT: I found all other files also.

Yup, this is horrendous. The leak of 9,500 addresses was bad enough. The leak of 272 thousand addresses is horrendous. But that isn't even the worst thing. Ledger either lied and covered up the size of this leak, despite endless customer reports to the contrary, or were genuinely unaware of what data had been accessed, and this lasted for months. Either is inexcusable and unforgivable. There is zero trust left with Ledger.

They lied 100% like I said many times before, and anyone who has any contacts in the darkweb could confirm this.
Zero trust confirmed and reputation ruined.
Here comes 100% discount from ledger soon...


Title: Re: New Ledger phishing mail targets individual users
Post by: ETFbitcoin on December 21, 2020, 01:15:48 PM
Btw I think this download file you provided contains only emails and I can't find my email address there, but just to be safe I will probably change addresses I use.

The UI of their website is a bit confusing, after you open the link I mentioned, select "Tree", you should find the link for the whole leaked database. There's a strict limitation without registration, so make sure you open the file "Ledger Orders..." first.


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 21, 2020, 01:31:58 PM
Ledger confirmed.

No no no, they're "still confirming". Nothing to worry about. After months of phishing e-mails and texts and phone calls it might turn out to be a non-issue if they don't confirm. ;D

Fucking assholes and absolute clueless knobs when it comes to securing customer data or customer support or being in business altogether.


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on December 21, 2020, 01:40:22 PM
They lied 100% like I said many times before
They are claiming on Reddit that they did not lie, and the logs and investigation they performed revealed only 9,500 compromised addresses. As I said above, if they aren't lying then they are completely unaware about the security of their own systems, and someone managed to steal a quarter of million customers' details with Ledger being none the wiser. Not that it really matters - either is enough to never use them again.


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on December 21, 2020, 01:47:18 PM
People who bought Ledger HW wallet definitely should check the dump file.

I get data from GitHub (link posted here (https://bitcointalk.org/index.php?topic=5250787.msg55888274#msg55888274) - forum link), but finding your data is a bit more difficult, so it would be very useful for someone to make a search option, just enough so that everyone can see if only their e-mail or all other data has been published.


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 21, 2020, 01:50:49 PM
I get data from GitHub (link posted here (https://bitcointalk.org/index.php?topic=5250787.msg55888274#msg55888274) - forum link), but finding your data is a bit more difficult, so it would be very useful for someone to make a search option, just enough so that everyone can see if only their e-mail or all other data has been published.

Use your browser's search-on-the-page feature to find your e-mail. Or save that file and search with any text editor.


Title: Re: New Ledger phishing mail targets individual users
Post by: NeuroticFish on December 21, 2020, 02:02:08 PM
People who bought Ledger HW wallet definitely should check the dump file.

I think that's still not the whole data and I fear that more may come out.
I mean... they have "only" my e-mail address although I bought the device.
...and I've checked both files from the archive on github.


Should we make a rule and forward all the mails related to Ledger we receive to Ledger's mail addresses?
Or suing them and asking for financial compensations would make them understand better how big is the fuckup they've made?


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 21, 2020, 02:14:53 PM
They are claiming on Reddit that they did not lie, and the logs and investigation they performed revealed only 9,500 compromised addresses. As I said above, if they aren't lying then they are completely unaware about the security of their own systems, and someone managed to steal a quarter of million customers' details with Ledger being none the wiser. Not that it really matters - either is enough to never use them again.

Makes the recent complaints about ongoing leaks not that far-fetched anymore, doesn't it.



I checked a few zip codes around me and what do you know - the number of ledger buyers per zip code follows known indicators of wealth for those areas, e.g. income and real estate prices. This might turn out to be a very valuable dataset for a wannabe burglar.


Title: Re: New Ledger phishing mail targets individual users
Post by: Dadounet on December 21, 2020, 02:22:16 PM
Hi,

I just checked today and I saw all my coordinates in the leaked file: name, email, phone, address.
A real nightmare.
Now I'm really afraid of being attacked. Not for my money (actually, I only have a small amount of crypto.. but attackers cannot guess!), but for my personal security.
What can I do?



Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on December 21, 2020, 02:37:13 PM
----

Or suing them and asking for financial compensations would make them understand better how big is the fuckup they've made?

A lot of posts ago, I mentioned that I was seeking legal advice. I have contacted my national data protection agency and I'm waiting for an update; although I'll have to update them on this one new discovery first... I'm posting some updates back in the local Spanish board, but if there's enough interest, I can also bring the most important developments here too.

I'm not seeking a personal financial compensation (although that'd be neat); but at least I'd like to see a huge fine addressed to them


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on December 21, 2020, 02:40:24 PM
What can I do?

Unfortunately, what few people can do just like that - and that would be to move to a new address, and change the e-mail and phone number. While it can never be ruled out that there will be a physical attack on someone because of this database, potential attackers don’t have (at least I hope they don’t) data on how much crypto we own.

It's not the same to rob someone online, and break into their house or apartment - I can only say that such people will not have a good time with me - or rather, it will be their last job.

For a start, if you don’t have security cameras and an alarm, it would be a good time to get them.



NeuroticFish&Csmiami, I think I've asked before if there is anything that can be done about it here on the forum, but I think the answer was that Ledger was pretty well protected on that. Personally, I would very much like to join a class action lawsuit.


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on December 21, 2020, 02:45:37 PM
potential attackers don’t have (at least I hope they don’t) data on how much crypto we own.

Who knows, they are closed source; something that has been vastly criticized; and maybe somewhere in the code, the device sends a report on the assets each device contains every time you use Ledger Live. I wouldn't be surprised if such a thing was exposed right now; considering how crazy it's been since July.

I have always mentioned that the vulnerability was disclosed in July, but that we don't know how long it's been exploited; even if Ledger did delete the data after a certain amount of time, if hackers had access prior to that, well, we know how it follows.


Title: Re: New Ledger phishing mail targets individual users
Post by: casperBGD on December 21, 2020, 02:54:45 PM
~snip
Personally, I would very much like to join a class action lawsuit.

I really do not think that this is possible, it is good to check all the documents that you have been checking while leaving your data on Ledger website, but I would be surprised if Ledger left any space for people to pull a lawsuit against them over data hacking, it is what it is, and probably we can just be mad at them and choose another provider for hardware wallets


Who knows, they are closed source; something that has been vastly criticized; and maybe somewhere in the code, the device sends a report on the assets each device contains every time you use Ledger Live. I wouldn't be surprised if such a thing was exposed right now; considering how crazy it's been since July.

I highly doubt that ledger live is sending data regarding your account in some central database, it would be of no use for them and highly risky for users, although I think that they cannot relate your BTC address on device with your personal data (since you create it with first use), if they can, then they would be able to have access to your mnemonic phrase or private key, prior to sending you the device, and that would be already exploited, so this is not the case certainly, they do not have crypto amount per user, may have per address on device (clearly doubt this as well), but this could not be related with physical person/address


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 21, 2020, 03:08:15 PM
Who knows, they are closed source; something that has been vastly criticized; and maybe somewhere in the code, the device sends a report on the assets each device contains every time you use Ledger Live. I wouldn't be surprised if such a thing was exposed right now; considering how crazy it's been since July.

It doesn't have to be in Ledger data. If there is a leak of e-mail addresses from somewhere else, e.g. some bitcoin forum perhaps, and those e-mail addresses can be tied to assets, and you can look up a physical address in the Ledger leak - jackpot. Granted that's a lot of work with a low probability of success but someone somewhere will surely try it and will release a nicely collated list of targets just because they can.


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on December 21, 2020, 03:49:51 PM
I really do not think that this is possible, it is good to check all the documents that you have been checking while leaving your data on Ledger website, but I would be surprised if Ledger left any space for people to pull a lawsuit against them over data hacking
Depends on French and EU law. They could very well be at fault for not storing this data in a secure environment, i.e. encrypted and offline. There is a new subreddit at /r/ledgerwalletleak which is discussing lawsuits, and there are some responses from various lawyers pasted in there which seem like there may be a case.

I highly doubt that ledger live is sending data regarding your account in some central database, it would be of no use for them and highly risky for users,
And no one expected that Ledger were storing everyone's personal info in one big unencrypted, unprotected, and unsecured online database, and yet, here we are.

if they can, then they would be able to have access to your mnemonic phrase or private key, prior to sending you the device
Not required. All you need to do is open Ledger Live and details of your addresses could be sent to their servers.


Title: Re: New Ledger phishing mail targets individual users
Post by: DaveF on December 21, 2020, 04:52:26 PM
I highly doubt that ledger live is sending data regarding your account in some central database, it would be of no use for them and highly risky for users,
And no one expected that Ledger were storing everyone's personal info in one big unencrypted, unprotected, and unsecured online database, and yet, here we are.

Ummm, that is how us paranoid security nutjobs think everyone stores our info.
This is why I use disposable email addresses and have semi-bogus shipping info.
Oh, and enjoy calling my virtual phone number that goes nowhere.
Sad, but this is what it takes to be somewhat secure today.

-Dave


Title: Re: New Ledger phishing mail targets individual users
Post by: FatFork on December 21, 2020, 05:55:14 PM
...Sad, but this is what it takes to be somewhat secure today.

This is not the answer. If I am supposed to use fake information (name, address, phone number) to use a legitimate service, then I am the one who violates the rules and regulations (in some cases, even breaking the law). And what about credit card numbers? Should I also have a fake credit card for online shopping?
No, no, no. In this situation, it is very clear who is responsible.


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on December 21, 2020, 06:28:29 PM
Interestingly, they only have my email addresses, despite having made a purchase... so it would seem that the buyers database is not "complete". So, that's something I guess... :-\

Kudos to Ledger for actually admitting that the original security log analysis was incorrect in its determination of how much data was leaked:
Quote
At the time of the incident, in July, we engaged an external security organisation to conduct a forensic review of the logs available. This review of the logs enabled us to confirm that approximately 1 million email addresses had been stolen as well as 9,532 more detailed personal information (postal addresses, name, surname and phone number) that we were able to specifically identify.

The database publicly released yesterday shows that a larger subset of detailed information has been leaked, approximately 272,000 detailed information such as postal address, last name, first name and telephone number of our customers. These details are not available in the logs that we were able to analyse.

Still, I'm not sure why they didn't just assume the worst-case scenario that everything had been taken... ???


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on December 21, 2020, 08:56:54 PM
I have finally received my personal email informing me about the leak, and boy is it funny to read. I'll highlight a couple of things:

Quote
We regret to inform you that you are part of the approximately 272 000 customers whose detailed personal information was accessed by the unauthorized third party. Specifically, your name and surname, and your postal address were exposed.

Not only are they late, but they specifically forget to mention that my phone number and email have also been leaked; which leads me to believe that they haven't actually checked the dumped DB.

Quote
We are still investigating, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020
I think it was suchmoon the one mentioning it; but what else do they have to investigate? Like really, the data is out in the public, they know when the vulnerability was allegedly found. If anything, they should check whether new customers' data is still there, but other than that... the oldest data to know when this party started?

The email as a whole is a copy paste, which considering the case is way too "cold" (but what could we really expect?)


Title: Re: New Ledger phishing mail targets individual users
Post by: casperBGD on December 21, 2020, 09:05:25 PM

if they can, then they would be able to have access to your mnemonic phrase or private key, prior to sending you the device
Not required. All you need to do is open Ledger Live and details of your addresses could be sent to their servers.

yeah, but how can they relate address in Ledger live with you/personally, and your physical address, I do not think that Ledger can do that, just based on addresses in the device, since they cannot know which public address will be created on the device, do they?

I will certainly follow the reddit, it would be good to close Ledger for good, if that can be, their stance on the case is really bad, they actually send you copy/paste e-mail with data that are incorrect, because you can check one in a leaked database, it is public, so one can check which data are exposed, Ledger people as well, how can they inform you different, it is stupid from them


Title: Re: New Ledger phishing mail targets individual users
Post by: aesma on December 21, 2020, 11:44:49 PM
They are claiming on Reddit that they did not lie, and the logs and investigation they performed revealed only 9,500 compromised addresses. As I said above, if they aren't lying then they are completely unaware about the security of their own systems, and someone managed to steal a quarter of a million customers' details with Ledger being none the wiser. Not that it really matters - either is enough to never use them again.

Makes the recent complaints about ongoing leaks not that far-fetched anymore, doesn't it.



I checked a few zip codes around me and what do you know - the number of ledger buyers per zip code follows known indicators of wealth for those areas, e.g. income and real estate prices. This might turn out to be a very valuable dataset for a wannabe burglar.

Burglars already know that wealthy neighborhoods have wealthy people. What we should be worried about are home invaders, intent to maim and torture to get our crypto.

Maybe time to set up a decoy ledger/secondary PIN with something like 0,1BTC on it to give up to such invaders ?


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 22, 2020, 12:04:06 AM
Burglars already know that wealthy neighborhoods have wealthy people.

True, but now they know addresses of the ones worth visiting.

What we should be worried about are home invaders, intent to maim and torture to get our crypto.

Maybe time to set up a decoy ledger/secondary PIN with something like 0,1BTC on it to give up to such invaders ?

I thought about it - actually thought about just writing my PIN on the Ledger and handing it over - but then... how many of these decoys should I have? Will the second attacker believe me if I say that I've already been mugged?

Probably just need to make sure the insurance policies are up to date and hope for the best.


Title: Re: New Ledger phishing mail targets individual users
Post by: aesma on December 22, 2020, 12:17:20 AM
Such thoughts are pretty bad. I know hackers aren't all nice people but putting home addresses online like that is really nasty. On the other hand if the data is legit, then only my email has leaked.


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on December 22, 2020, 10:30:41 AM
yeah, but how can they relate address in Ledger live with you/personally, and your physical address
They will have logs of the IP addresses which make orders through their website, and they could easily keep logs of the IP addresses that each Ledger Live connects from and which addresses they query. Not saying they do do this, but it is certainly possible.

Burglars already know that wealthy neighborhoods have wealthy people.
Stealing something like a laptop or some jewellery and having to pawn them off second hand for a few hundred bucks without getting caught is one thing. Stealing tens or hundreds of thousands of dollars worth of bitcoin and knowing that you can make it untraceable is another.



Now there are reports on Reddit of people receiving scam emails about exchange accounts (notably Coinbase), as well as potential SIM swapping attacks. If you are on this list, at a minimum you should create a brand new email and move all your accounts over to this new email, and make sure you are using either a 2FA app or hardware key (NOT email or SMS) on all your accounts. Preferably change phone number too.


Title: Re: New Ledger phishing mail targets individual users
Post by: casperBGD on December 22, 2020, 11:05:27 AM
yeah, but how can they relate address in Ledger live with you/personally, and your physical address
They will have logs of the IP addresses which make orders through their website, and they could easily keep logs of the IP addresses that each Ledger Live connects from and which addresses they query. Not saying they do do this, but it is certainly possible.

agree, they could also note the device serial number and transmit it through ledger live to connect to your purchase, but that will sound as they are not even legitimate company at all, and their main purpose is like stealing your funds in some way, isn't it?
nevertheless, I think that they were just ignorant to their buyers, and focused to improve their sales through constant e-mails to their commercial database

Now there are reports on Reddit of people receiving scam emails about exchange accounts (notably Coinbase), as well as potential SIM swapping attacks. If you are on this list, at a minimum you should create a brand new email and move all your accounts over to this new email, and make sure you are using either a 2FA app or hardware key (NOT email or SMS) on all your accounts. Preferably change phone number too.

agree on this one, some security measures to leaked information should be taken, changing of e-mail used for the service should be first one


Title: Re: New Ledger phishing mail targets individual users
Post by: dkbit98 on December 22, 2020, 01:18:51 PM
The situation is really bad, but that is maybe the only way for people to learn how privacy is very very important and to learn how to protect themselves and not repeat the same mistakes again.
Now everyone has these famous ledger lists and if we know that ledger keeps customer data information forever, and they have a website full of trackers and ads so don't be surprised if they also keep track of everything including IP for using their shitty ledger live app and their website.

at a minimum you should create a brand new email and move all your accounts over to this new email, and make sure you are using either a 2FA app or hardware key (NOT email or SMS) on all your accounts. Preferably change phone number too.

I agree and in future better use PO Boxes people, in some countries they are FREE to use.
Now my GUIDE How to buy a Hardware Wallet the right way (https://bitcointalk.org/index.php?topic=5288201.0) should be more popular with people  :D




Title: Re: New Ledger phishing mail targets individual users
Post by: Betwrong on December 22, 2020, 03:56:38 PM
I'm currently watching Help! Ledger Cryptocurrency Hardware Wallet Database Hack: aantonop Emergency Livestream Q&A (https://youtu.be/uKCMx8nqQhY), and since it's over 2 hours long, here's the most important parts of it, imo.

1. What happened (https://youtu.be/uKCMx8nqQhY?t=290) (2 mins)

2. Ledger does not have your keys or seeds (https://youtu.be/uKCMx8nqQhY?t=1042) (1 min)

3. What should I do? (https://youtu.be/uKCMx8nqQhY?t=1476) (2 mins)

The main message:

Do not react hastily. Research first.

"Sometimes it's better to just not do anything. And this feels wrong, but it might be the best way." - Andreas Antonopoulos in this video.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on December 22, 2020, 04:14:47 PM
Check their Terms of Service and Privacy Policy for how to go about doing so.
Their Privacy Policy states that they may keep some personal data archived for up to 10 years if you purchased any of their devices or goods they sell. Apparently due to legal and taxing purposes. Once the required timeframe expires, they claim they will delete any records of you from their systems.

If someone wants to contact them and ask to have their personal data permanently deleted, they can do so by sending an email to privacy@ledger.fr.


Title: Re: New Ledger phishing mail targets individual users
Post by: LTU_btc on December 22, 2020, 07:01:16 PM
I checked the leaked data and I was already ready to see my full data leaked with full name, phone number and home address, but fortunately, there is just my email address.
What I noticed is that in the few recent days I got more phishing Ledger emails than ever and it can't be not related with this data leak.
What is worse, this database wasn't just sold somewhere on the dark web. Now it's available for everyone, so a great opportunity for people with bad intentions to use it without putting any effort to get so many email addresses.


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on December 22, 2020, 09:40:15 PM
agree, they could also note the device serial number and transmit it through ledger live to connect to your purchase, but that will sound as they are not even legitimate company at all, and their main purpose is like stealing your funds in some way, isn't it?

Or they simply wanted to track their customers after the purchase to collect their consumer habits and use the data to improve their marketing... there's way too many things that could be done without any "bad" intention on their side by doing this.


Have I just created a conspiracy theory?


Title: Re: New Ledger phishing mail targets individual users
Post by: aesma on December 22, 2020, 11:13:00 PM
yeah, but how can they relate address in Ledger live with you/personally, and your physical address
They will have logs of the IP addresses which make orders through their website, and they could easily keep logs of the IP addresses that each Ledger Live connects from and which addresses they query. Not saying they do do this, but it is certainly possible.

Burglars already know that wealthy neighborhoods have wealthy people.
Stealing something like a laptop or some jewellery and having to pawn them off second hand for a few hundred bucks without getting caught is one thing. Stealing tens or hundreds of thousands of dollars worth of bitcoin and knowing that you can make it untraceable is another.

Sure, but in that case what matters is having addresses from the hack. In fact addresses in wealthy places might not be the best ones, as there might be better security, gated communities, police that comes quickly, alarms, CCTV, etc.


Title: Re: New Ledger phishing mail targets individual users
Post by: examplens on December 22, 2020, 11:58:10 PM
I received today another suspicious email, probably a continuation of all this. Sent from noreply@ledger.com-ez29-server-14-secure.es26-email-ssl.cloud
Gmail did not recognize it as a dangerous email which is strange to me, especially since there is a link with redirection in the email.

Code:
Your Device has been deactivated.

You are required to pass identification:
https://docs.google.com/document/d/e/2PACX-1vQljtzMSIcxGYPbO3vwkSMJYAP5PdG0xqhzDFyVbD9WUqBSKoezHCWqsI7KL3n33XuslU0qc-DNfauy/pub?embedded=true

Ledger Verification Team.
8N3S-L7TN2L34WN ZE0080
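
The sender in the post above starts with `ledger.com` but belongs to a different domain, because DNS names are read from right to left. The following is an added example, not part of any post in this thread, that classifies sender addresses with a label-boundary suffix match; the allowlist, the category names and the two samples marked as constructed are assumptions.

```python
from email.utils import parseaddr

# Assumption: domains the vendor really sends from. ledger.fr appears in this
# thread (privacy@ledger.fr); ledger.com is the domain the spoofed sender imitates.
OFFICIAL_DOMAINS = ("ledger.com", "ledger.fr")
BRAND_TOKEN = "ledger"
# Illustrative, not exhaustive.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

SAMPLES = [
    # Quoted in the thread.
    "noreply@ledger.com-ez29-server-14-secure.es26-email-ssl.cloud",
    "info@ledgersupport.io",
    "privacy@ledger.fr",
    # Constructed for this example.
    "Ledger Support <constructed.sender@gmail.com>",
    "alerts@evil-ledger.com",
]


def sender_domain(from_header):
    """Return (display_name, lower-cased domain) from a From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return display, ""
    return display, addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_official(domain):
    """True only if domain is an official domain or a subdomain of one.

    The comparison is a suffix match on a label boundary ("." + official),
    never a prefix or substring match, so "ledger.com-x.example" and
    "evil-ledger.com" both fail.
    """
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_sender(from_header):
    """Label a From: value by how its domain relates to the official ones."""
    display, domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if is_official(domain):
        # Only the domain matches. From: can still be forged, so the
        # SPF/DKIM/DMARC results of the message still have to be checked.
        return "official-domain"
    for d in OFFICIAL_DOMAINS:
        # Official domain used as the leftmost part of someone else's domain.
        if domain.startswith(d + "-") or domain.startswith(d + "."):
            return "official-domain-as-prefix"
    if BRAND_TOKEN in domain:
        return "brand-in-foreign-domain"
    if domain in FREEMAIL_DOMAINS and BRAND_TOKEN in display.lower():
        return "brand-display-name-on-freemail"
    return "unrelated"


def triage(samples=SAMPLES):
    """Map each sample From: value to its classification."""
    return {s: classify_sender(s) for s in samples}


if __name__ == "__main__":
    for header, label in triage().items():
        print(f"{label:32} {header}")
```
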


Title: Re: New Ledger phishing mail targets individual users
Post by: Csmiami on December 23, 2020, 01:00:06 AM
----

I stand corrected; they sent a second email that did go straight to the spam folder; you have to laugh... On said second email, they apologize for nothing, but the title adds a nice ERRATUM word; and a newly underlined phone number appears on the list of items that have been compromised. They are still missing the email address, so I guess there's still room for an ERRATUM ERRATUM? The rest of the email is exactly the same


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on December 28, 2020, 04:01:49 PM
New day brings a new phishing surprise. This time the story is directed and brought to you by our dear Prince Shaon. Prince Shaon didn't put much thought to it so he simply wrote from a gmail account. Ohh, bless him. Our prince suggests we all download his 'additional wallet' so that our accounts don't get hacked. Noble of him indeed. Too bad he signed the email like the Ledger CEO did in the genuine emails that were sent to users.

I would have preferred a signature by Prince Shaon instead. Makes me sad looking at it this way :'(

https://i.imgur.com/P9aBngj.png


Title: Re: New Ledger phishing mail targets individual users
Post by: suchmoon on December 28, 2020, 04:43:01 PM
New day brings a new phishing surprise. This time the story is directed and brought to you by our dear Prince Shaon.

Oooohhhh.... Ledger CEO being the crown prince of Nigeria would make perfect sense. Both have the habit of treating recipients of their e-mails as utter idiots.


Title: Re: New Ledger phishing mail targets individual users
Post by: aesma on December 28, 2020, 08:43:16 PM
The one I got was very nice, probably the best scam email I ever got, a big paragraph in good English, not a single mistake/typo. Maybe why it got through antispam filters. The sending address gave it away though as well as the fact it wants you to download something, with a link, of course.


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on December 28, 2020, 09:38:08 PM
They're just getting lazy now... no text... obviously fake email, no sign off... just a straight up link to Google Docs ::) ::)
https://i.imgur.com/VYj6VeY.png


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on December 28, 2020, 09:39:10 PM
New day brings a new phishing surprise. This time the story is directed and brought to you by our dear Prince Shaon. Prince Shaon didn't put much thought to it so he simply wrote from a gmail account. Ohh, bless him. Our prince suggests we all download his 'additional wallet' so that our accounts don't get hacked. Noble of him indeed. Too bad he signed the email like the Ledger CEO did in the genuine emails that were sent to users.

I would have preferred a signature by Prince Shaon instead. Makes me sad looking at it this way :'(

https://i.imgur.com/P9aBngj.png



Has anyone here clicked on the link that those scam/spam emails posted and if so, what is it?  Is it malware/keylogger or is it something else?  Like asking you to type your seed?  Could you lose your coins just clicking on those links?  Read about chrome extension and how someone got their coins stolen in it... when they used a hardware wallet... but it wasn't ledger or trezor.


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on December 28, 2020, 09:54:36 PM
Has anyone here clicked on the link that those scam/spam emails posted and if so, what is it?  Is it malware/keylogger or is it something else?  Like asking you to type your seed?  Could you lose your coins just clicking on those links?  Read about chrome extension and how someone got their coins stolen in it... when they used a hardware wallet... but it wasn't ledger or trezor.
You can't lose your coins from a Ledger (or other hardware wallets) simply by clicking on a link... That is the entire purpose of hardware wallets. You would need to have the device connected and explicitly authorise a transaction on the device itself to send a transaction, and the private keys/seeds are shielded from external applications.

The simple answer is that it doesn't matter what the link goes to (be it a fake version of Ledger Live, keylogger or a website asking for your 24 words), you simply should NOT click on it... it's obviously fake and a poor attempt to try and steal your coins.


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on December 28, 2020, 10:12:51 PM
Has anyone here clicked on the link that those scam/spam emails posted and if so, what is it?  Is it malware/keylogger or is it something else?  Like asking you to type your seed?  Could you lose your coins just clicking on those links?  Read about chrome extension and how someone got their coins stolen in it... when they used a hardware wallet... but it wasn't ledger or trezor.
You can't lose your coins from a Ledger (or other hardware wallets) simply by clicking on a link... That is the entire purpose of hardware wallets. You would need to have the device connected and explicitly authorise a transaction on the device itself to send a transaction, and the private keys/seeds are shielded from external applications.

The simple answer is that it doesn't matter what the link goes to (be it a fake version of Ledger Live, keylogger or a website asking for your 24 words), you simply should NOT click on it... it's obviously fake and a poor attempt to try and steal your coins.




I saw this post on someone using a hardware wallet called keepkey and used a malicious chrome extension through google... 


So what happened here then? This person typed in his keepkey seed?  Again i don't know of any hardware wallets besides nano ledger and trezor... but this guy mentioned he used a hardware wallet.


https://bitcointalk.org/index.php?topic=5255282.0;all




Yea obviously you should not click on whatever link is in the email.  But i got to assume it has to be malware/keylogger at least right?  I can't imagine a hacker putting a link and you only get screwed if you actually type in your seed.  I mean... wouldn't they make it malware/keylogger as well so then they can get into your email or say keepass/lastpass and thus they find your seed somewhere there?



Also i assume the safe way to find out if a link has malware/keylogger or any malicious would be use a separate computer that uses linux or chromebook then?  Or even if you use a windows computer, make sure its like a throwaway computer or a testing computer so to speak... to see what it is?  I recall i saw some youtube video where a guy intentionally click on malware/virus/keylogger links to see what it did to their computer... and they used a virtual machine for that.


So someone installing a virtual machine or using linux/chromebook could possibly test this all out without risk to their main computer?  But would there be any danger to their internet though?


Title: Re: New Ledger phishing mail targets individual users
Post by: aesma on December 28, 2020, 10:55:11 PM
He says it was a phishing app. So basically what some of these Ledger emails are trying to do : have you install a fake app, then use it as normal. As soon as you authorize a transfer of your coins, the app will take over and have you send to their address, and send everything instead of just the amount you had chosen.

With a Ledger though, you should still be able to see what's happening on the Ledger screen and not authorize it.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on December 28, 2020, 11:02:54 PM
So what happened here then? This person typed in his keepkey seed?
He downloaded a fake Chrome extension that asked him to enter his recovery phrase (for whatever reason). He did, the words were sent to the scammers who ultimately emptied his accounts. This is not a hack of a hardware wallet. This was an avoidable human error and a person who fell for a phishing attempt. Your seed phrase should never be stored or entered anywhere online. If you remember that simple rule, you will save yourself plenty of trouble.

Yea obviously you should not click on whatever link is in the email.  But i got to assume it has to be malware/keylogger at least right? 
No, the hackers are interested in your recovery phrase. Infecting you with a keylogger won't help them gain access to the crypto assets stored on your hardware device. They want you to enter your seed in their malicious app.

Why are you so concerned about what it is? It is not a genuine app, and it could potentially do you some harm in one way or the other. If you find a needle on the ground, you don't stick it into your arm to see what it is. Just pass by it or throw it away.


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on December 28, 2020, 11:09:38 PM
I saw this post on someone using a hardware wallet called keepkey and used a malicious chrome extension through google...  

So what happened here then? This person typed in his keepkey seed?  Again i don't know of any hardware wallets besides nano ledger and trezor... but this guy mentioned he used a hardware wallet.
Exactly, if you read the various details of that story (and any other involving loss from hardware wallets), it's generally because the seed has been compromised by either:

- some fake piece of software that asks the user to enter their seed on the PC... boom! coins gone.
or
- user stored their seed in a screenshot, email, instant messenger, text document, other digital format etc. and it got compromised.


Yea obviously you should not click on whatever link is in the email.  But i got to assume it has to be malware/keylogger at least right?  I can't imagine a hacker putting a link and you only get screwed if you actually type in your seed.  I mean... wouldn't they make it malware/keylogger as well so then they can get into your email or say keepass/lastpass and thus they find your seed somewhere there?
Which do you think is easier and quicker to make (and more likely to succeed)? ??? A website that says "hey this is Ledger website, please confirm your 24 word ledger seed here:" and harvests 24 word seeds... or create an installer for malware that goes targeting keepass/lastpass databases on the off chance the victim actually has those installed, and they actually stored their seed there (against all common sense and recommendations of NOT storing your seed digitally)? ???


Also i assume the safe way to find out if a link has malware/keylogger or any malicious would be use a separate computer that uses linux or chromebook then?  Or even if you use a windows computer, make sure its like a throwaway computer or a testing computer so to speak... to see what it is?  I recall i saw some youtube video where a guy intentionally click on malware/virus/keylogger links to see what it did to their computer... and they used a virtual machine for that.

So someone installing a virtual machine or using linux/chromebook could possibly test this all out without risk to their main computer?  But would there be any danger to their internet though?
Why does it even matter??!? ??? ::) Just DON'T click on the link... who cares if it's just a website asking for your 24 word seed or malware disguised as wallet software... there is literally ZERO reason (for normal users) to click on the link.

Seriously, just delete the emails and move on with your life.


Title: Re: New Ledger phishing mail targets individual users
Post by: bob123 on December 29, 2020, 09:46:53 AM
Yea obviously you should not click on whatever link is in the email.  But i got to assume it has to be malware/keylogger at least right?  I can't imagine a hacker putting a link and you only get screwed if you actually type in your seed.  I mean... wouldn't they make it malware/keylogger as well so then they can get into your email or say keepass/lastpass and thus they find your seed somewhere there?
Which do you think is easier and quicker to make (and more likely to succeed)? ??? A website that says "hey this is Ledger website, please confirm your 24 word ledger seed here:" and harvests 24 word seeds... or create an installer for malware that goes targeting keepass/lastpass databases on the off chance the victim actually has those installed, and they actually stored their seed there (against all common sense and recommendations of NOT storing your seed digitally)? ???


To be honest, both are pretty easy to accomplish.
The website obviously is a no-brainer. But the other method wouldn't require too much work either.

You wouldn't create a malware which specifically targets the password manager. You would use some generic malware which gives you full access to the victim's system.
Then you could always load other pieces of malware to search/extract specific kinds of information.


But the consensus is: Don't click on unknown links. And if you did and it downloaded something, delete it and do not execute or open the file.


Title: Re: New Ledger phishing mail targets individual users
Post by: LTU_btc on December 30, 2020, 11:06:22 PM
Through all these phishing emails in my spam folder, today I found something new :) :
https://i.imgur.com/kL95c0h.png
Never heard about website Crypto-mails.com before and I can't even access it.


Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on December 31, 2020, 11:42:03 AM
LTU_btc, that mail is nothing but the promotion of the coin/token mentioned in it, and it is quite expected that the database will be used for such purposes. Since the database became public, the amount of spam in my case has increased at least 4 to 5 times, but thanks to a good spam filter everything ends up in a spam folder, including legitimate emails from Ledger which are obviously marked by many as spam.

Someone has already mentioned that it is not the smartest thing to open such spam e-mails at all, because it is possible that those who send them use some methods to get your IP and some other information. In other words, you are letting the bad guys know that you are active and that it makes sense to keep trying to deceive you in some way.


Title: Re: New Ledger phishing mail targets individual users
Post by: The Pharmacist on December 31, 2020, 11:49:44 AM
I stand myself corrected; they sent a second email that did go straight to the spam folder;
For a long time I thought I wasn't getting these phishing e-mails, but I happened to check the spam folder of the e-mail address that I gave Ledger (which is not my primary one by any means), and yep, I've been getting them alright.  Luckily they did go to the spam folder immediately, and I hope that's true for most people. 

Strangely (or not) I've gotten quite a few legitimate e-mails from the Ledger team that haven't gone to the spam folder.  I haven't been paying attention to them either, or that e-mail address in general.  Meanwhile, I don't have anything on either Ledger I own--not that I'm afraid of getting hacked, just that I don't own a lot of crypto these days. 

Never heard about website Crypto-mails.com before and I can't even access it.
Nor have I and I wouldn't even try to access it.  Is it possible to own a domain name that doesn't have a website, just e-mail hosting?


Title: Re: New Ledger phishing mail targets individual users
Post by: LTU_btc on December 31, 2020, 02:36:09 PM
Someone has already mentioned that it is not the smartest thing to open such spam e-mails at all, because it is possible that those who send them use some methods to get your IP and some other information. In other words, you are letting the bad guys know that you are active and that it makes sense to keep trying to deceive you in some way.
Is it really possible for them to know the IP address when you just open an email without clicking any links? Because I've never heard about such a thing before. If it's really possible, then it's probably not a good idea to open these emails.

Is it possible to own a domain name that doesn't have a website, just e-mail hosting?
Yeah, it's possible.


Title: Re: New Ledger phishing mail targets individual users
Post by: Stalker22 on December 31, 2020, 03:37:30 PM
Is it really possible for them to know the IP address when you just open an email without clicking any links? Because I've never heard about such a thing before. If it's really possible, then it's probably not a good idea to open these emails.


Yeah, it's possible. It's called Pixel-Tracking. In addition to the IP address, they can also know when you opened the email, how many times, the operating system you use, the email client, the device, and a bunch of other things about you. The easiest way to prevent pixel tracking is to block images from being displayed in your emails, but I'm not sure if it's totally effective.



Title: Re: New Ledger phishing mail targets individual users
Post by: Lucius on January 01, 2021, 11:13:03 AM
LTU_btc, of course it is possible, with the method described by Stalker22, and there are probably some other tricks used for this purpose. While this may not mean too much for those to whom all data has become public, for those to whom only email addresses have become available it would certainly be a breach of privacy - the address can be linked to the country, and if the ISP does not have adequate protection even locate the user.

After all, all these phishing/advertising emails are more or less the same - when you see one, there is no need to look at the others.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on January 01, 2021, 02:56:31 PM
Yeah, it's possible. It's called Pixel-Tracking.
The good thing about Pixel-Tracking is that you can probably prevent it from getting to your private data by going into the settings of your email client and turning off the option for showing images from the email. And if the mail ends up in your spam folder, I think clients like Hotmail and Yahoo disable the option to display external images by default. I have read about Pixel-Tracking extensions and add-ons as well, but never tested any personally.


Title: Re: New Ledger phishing mail targets individual users
Post by: Stalker22 on January 01, 2021, 05:05:34 PM
Yeah, it's possible. It's called Pixel-Tracking.
The good thing about Pixel-Tracking is that you can probably prevent it from getting to your private data by going into the settings of your email client and turning off the option for showing images from the email. And if the mail ends up in your spam folder, I think clients like Hotmail and Yahoo disable the option to display external images by default. I have read about Pixel-Tracking extensions and add-ons as well, but never tested any personally.

Gmail users are also somewhat protected: Google redirects every image request via its own proxy servers (much like bitcointalk does). Tracking pixels will still know when you read their emails, but they can't sniff your location because they can't see your IP address (they see Google's IP instead).

Of course, this doesn't mean I'm in favor of Gmail in terms of privacy. ;)
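
The pixel-tracking mechanism discussed in the posts above, seen from the receiving side. This is an added example, not part of any post in this thread: it lists the images an HTML mail would fetch from a remote server when opened and flags the ones that look like tracking pixels. The sample message, the `.example` hosts and the three heuristics are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every host below is a placeholder.
SAMPLE_EML = """\
From: "Support" <info@sender.example>
To: user@recipient.example
Subject: Security notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello Alice, please read this notice.</p>
<img src="https://shop.example/logo.png" width="200" height="60">
<img src="https://tracker.example/o.gif?uid=8f3a21&amp;c=notice" width="1" height="1">
<img src="cid:inline-banner" width="600" height="80">
<img src="http://tracker.example/p.png" style="display:none">
</body></html>
"""


class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})


def is_tiny(value):
    """True for a width/height of 0 or 1 (with or without a 'px' suffix)."""
    digits = value.strip().lower().rstrip("px").strip()
    return digits.isdigit() and int(digits) <= 1


def find_remote_images(raw_eml):
    """Return every image the mail client would fetch over the network.

    cid: and data: images are embedded in the message itself and cause no
    request, so only http/https sources are reported.
    """
    msg = message_from_string(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # plain-text mail: nothing can be loaded remotely
    collector = ImgCollector()
    collector.feed(body.get_content())

    found = []
    for attrs in collector.images:
        url = urlsplit(attrs.get("src", ""))
        if url.scheme not in ("http", "https"):
            continue
        reasons = []
        if is_tiny(attrs.get("width", "")) or is_tiny(attrs.get("height", "")):
            reasons.append("1x1 size")
        style = attrs.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if url.query:
            # A query string can carry a per-recipient identifier.
            reasons.append("query parameters")
        found.append({"url": attrs["src"], "host": url.hostname,
                      "reasons": reasons})
    return found


def likely_trackers(raw_eml):
    """Remote images that match at least one tracking-pixel heuristic."""
    return [img for img in find_remote_images(raw_eml) if img["reasons"]]


if __name__ == "__main__":
    for img in find_remote_images(SAMPLE_EML):
        print(img["host"], img["url"], img["reasons"] or "no heuristic matched")
```

Every entry returned by `find_remote_images`, flagged or not, is a request that reveals the open time and client IP to the remote host unless images are blocked or proxied.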


Title: Re: New Ledger phishing mail targets individual users
Post by: LTU_btc on January 02, 2021, 12:05:51 AM
Thanks guys for explaining it to me. I remember that maybe 10 years ago I was wondering why images in emails are disabled by default. I didn't understand how it can be a privacy issue. So, now it's good to finally know the exact answer why it can be dangerous.
@Pmalek, it's not just Hotmail or Yahoo, but also Gmail and probably all other more or less popular email providers have images disabled by default in the spam folder.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on January 14, 2021, 05:57:44 PM
My friend just sent me the new email he received. I am laughing about it, but I can understand how some people might find this frightening.
The email begins by stating his name, address and phone number. The image below shows the beautifully crafted content that comes after. For some reason I can't copy/paste the email here. The pasted content becomes some gibberish. Pasting it into Word and changing the font doesn't work either.

https://i.imgur.com/MTTBTxc.png

What is not it?
How do you know how much crypto I have. You should have included my addresses to be more convincing.

Does anyone know what kind of font/formatting this is and why can't it be copy-pasted in a post on Bitcointalk?
I tried to look up those addresses on a block explorer, but they either don't exist or whatever font/formatting/encoding he used messed it all up. Neither of the two addresses can be copy/pasted into a block explorer after removing the special characters.


Title: Re: New Ledger phishing mail targets individual users
Post by: FatFork on January 14, 2021, 07:46:38 PM
Does anyone know what kind of font/formatting this is and why can't it be copy-pasted in a post on Bitcointalk?
I tried to look up those addresses on a block explorer, but they either don't exist or whatever font/formatting/encoding he used messed it all up. Neither of the two addresses can be copy/pasted into a block explorer after removing the special characters.

It is difficult (if not impossible) to determine the encoding based only on a screenshot. Have you tried copy/paste on pastebin or put in [ code ] tags?


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on January 15, 2021, 01:32:29 PM
I have tried both. The message can be pasted on pastebin, but if you try to copy it from there to paste on the forum, it doesn't work.
I have put the addresses in quote and code tags. Take a look. It stays completely blank.

Code:
𝚋𝚌𝟷𝚚𝚐𝟺𝚕𝚐𝚠𝚓𝚐𝚟𝟸𝚢𝚏𝚏𝚐𝚣𝚙𝚍𝚓𝚣𝚢𝚎𝚙𝟿𝚟𝚡𝚓𝚣𝟿𝚗𝟺𝟸𝚚𝚢𝚚𝚜𝚜𝟹𝚗𝚚
Quote
𝚋𝚌𝟷𝚚𝚐𝟺𝚕𝚐𝚠𝚓𝚐𝚟𝟸𝚢𝚏𝚏𝚐𝚣𝚙𝚍𝚓𝚣𝚢𝚎𝚙𝟿𝚟𝚡𝚓𝚣𝟿𝚗𝟺𝟸𝚚𝚢𝚚𝚜𝚜𝟹𝚗𝚚

And here is how it looks when you copy/paste the message in a post:

Quote
𝚃𝚑𝚊𝚝 𝚒𝚜 𝚗𝚘𝚝 𝚒𝚝. 𝙸 𝚔𝚗𝚘𝚠 𝚎𝚟𝚎𝚛𝚢𝚝𝚑𝚒𝚗𝚐 𝚊𝚋𝚘𝚞𝚝 𝚢𝚘𝚞.

𝙸𝚗 𝚊𝚍𝚍𝚒𝚝𝚒𝚘𝚗, 𝚢𝚘𝚞 𝚊𝚕𝚜𝚘 𝚑𝚊𝚙𝚙𝚎𝚗 𝚝𝚘 𝚖𝚊𝚒𝚗𝚝𝚊𝚒𝚗 𝚊 𝚐𝚘𝚘𝚍 𝚊𝚖𝚘𝚞𝚗𝚝 𝚘𝚏 𝚌𝚛𝚢𝚙𝚝𝚘. 𝙸 𝚊𝚖 𝚊𝚋𝚘𝚞𝚝 𝚝𝚘 𝚜𝚑𝚊𝚛𝚎 𝚊𝚕𝚕 𝚝𝚑𝚊𝚝 𝚒𝚗𝚏𝚘𝚛𝚖𝚊𝚝𝚒𝚘𝚗 (𝚊𝚗𝚍 𝚖𝚘𝚛𝚎) 𝚠𝚒𝚝𝚑 𝚕𝚘𝚌𝚊𝚕 𝚊𝚛𝚎𝚊 𝚝𝚑𝚒𝚎𝚟𝚎𝚜 𝚒𝚗 𝚢𝚘𝚞𝚛 𝚊𝚛𝚎𝚊.

𝙳𝚘 𝚗𝚘𝚝 𝚠𝚘𝚛𝚛𝚢 𝚗𝚘𝚝 𝚢𝚎𝚝! 𝙱𝚞𝚝, 𝚒𝚏 𝙸 𝚘𝚌𝚌𝚞𝚛 𝚝𝚘 𝚍𝚘 𝚝𝚑𝚒𝚜, 𝚌𝚊𝚗 𝚢𝚘𝚞 𝚒𝚖𝚊𝚐𝚒𝚗𝚎 𝚊𝚕𝚕 𝚝𝚑𝚎 𝚙𝚘𝚜𝚜𝚒𝚋𝚕𝚎 𝚌𝚘𝚗𝚌𝚎𝚚𝚞𝚎𝚗𝚌𝚎𝚜 𝚝𝚑𝚊𝚝 𝚌𝚊𝚗 𝚑𝚊𝚙𝚙𝚎𝚗 𝚝𝚘 𝚢𝚘𝚞 𝚊𝚗𝚍 𝚢𝚘𝚞𝚛 𝚕𝚘𝚟𝚎𝚍 𝚘𝚗𝚎𝚜?

𝚃𝚎𝚛𝚛𝚒𝚏𝚢𝚒𝚗𝚐 𝚛𝚒𝚐𝚑𝚝? 𝙱𝚞𝚝, 𝚒𝚝 𝚍𝚘𝚎𝚜𝚗'𝚝 𝚗𝚎𝚎𝚍𝚜 𝚝𝚘 𝚋𝚎 𝚝𝚑𝚊𝚝 𝚠𝚊𝚢. 𝙸 𝚠𝚒𝚕𝚕 𝚐𝚒𝚟𝚎 𝚢𝚘𝚞 𝚊 𝚠𝚊𝚢 𝚘𝚞𝚝 𝚘𝚏 𝚝𝚑𝚒𝚜.

𝚂𝚎𝚗𝚍 𝚖𝚎 𝚎𝚒𝚝𝚑𝚎𝚛 𝟶.𝟹 𝙱𝚃𝙲 𝚝𝚘 𝚋𝚌𝟷𝚚𝚐𝟺𝚕𝚐𝚠𝚓𝚐𝚟𝟸𝚢𝚏𝚏𝚐𝚣𝚙𝚍𝚓𝚣𝚢𝚎𝚙𝟿𝚟𝚡𝚓𝚣𝟿𝚗𝟺𝟸𝚚𝚢𝚚𝚜𝚜^^𝟹𝚗𝚚 𝚘𝚛 𝟷𝟶 𝙴𝚃𝙷 𝚝𝚘 𝟶𝚡𝟹𝚍𝟸𝟺𝟸𝟿𝟽𝟺𝟺𝟾𝚎𝙰𝙳𝟷𝟼𝟷^^𝚊𝟷𝙳𝟺𝙱𝟿𝟹𝟼𝟼𝟷𝚊𝟶𝚌𝟷𝟸𝟷𝚎𝟽𝟼𝚋𝚎𝟶𝟶𝚋 [𝙲𝙰𝚂𝙴-𝚜𝚎𝚗𝚜𝚒𝚝𝚒𝚟𝚎, 𝚌𝚘𝚙𝚢 𝚊𝚗𝚍 𝚙𝚊𝚜𝚝𝚎 𝚒𝚝, 𝚊𝚗𝚍 𝚛𝚎𝚖𝚘𝚟𝚎 ^^ 𝚏𝚛𝚘𝚖 𝚒𝚝] 𝚠𝚒𝚝𝚑𝚒𝚗 𝚝𝚑𝚎 𝚗𝚎𝚡𝚝 𝚝𝚠𝚎𝚗𝚝𝚢 𝚏𝚘𝚞𝚛 𝚑𝚘𝚞𝚛𝚜, 𝚊𝚗𝚍 𝙸 𝚠𝚒𝚕𝚕 𝚙𝚞𝚝 𝚊 𝚜𝚝𝚘𝚙 𝚘𝚗 𝚖𝚢 𝚙𝚕𝚊𝚗. 𝚈𝚘𝚞𝚛 𝚙𝚎𝚛𝚜𝚘𝚗𝚊𝚕 𝚍𝚊𝚝𝚊 𝚠𝚒𝚕𝚕 𝚋𝚎 𝚎𝚛𝚊𝚜𝚎𝚍 𝚊𝚗𝚍 𝙸 𝚠𝚒𝚕𝚕 𝚕𝚎𝚊𝚟𝚎 𝚢𝚘𝚞 𝚊𝚕𝚘𝚗𝚎 𝚏𝚘𝚛𝚎𝚟𝚎𝚛.

𝙸𝚏 𝚏𝚘𝚛 𝚊𝚗𝚢 𝚛𝚎𝚊𝚜𝚘𝚗, 𝚢𝚘𝚞 𝚏𝚊𝚒𝚕 𝚝𝚘 𝚏𝚞𝚕𝚏𝚒𝚕𝚕 𝚖𝚢 𝚍𝚎𝚖𝚊𝚗𝚍 𝚒𝚗 𝚗𝚎𝚡𝚝 𝚃𝚠𝚎𝚗𝚝𝚢-𝚏𝚘𝚞𝚛 𝚑𝚘𝚞𝚛𝚜, 𝙸 𝚠𝚒𝚕𝚕 𝚌𝚎𝚛𝚝𝚊𝚒𝚗𝚕𝚢 𝚖𝚘𝚟𝚎 𝚏𝚘𝚛𝚠𝚊𝚛𝚍 𝚊𝚕𝚘𝚗𝚐 𝚠𝚒𝚝𝚑 𝚖𝚢 𝚙𝚕𝚊𝚗 𝚊𝚗𝚍 𝚗𝚘 𝚖𝚊𝚝𝚝𝚎𝚛 𝚠𝚑𝚊𝚝 𝚑𝚊𝚙𝚙𝚎𝚗𝚜 𝚗𝚎𝚡𝚝 𝚠𝚒𝚕𝚕 𝚋𝚎 𝚘𝚗 𝚢𝚘𝚞.

𝙸 𝚑𝚘𝚙𝚎 𝚢𝚘𝚞 𝚍𝚘 𝚗𝚘𝚝 𝚛𝚞𝚒𝚗 𝚎𝚟𝚎𝚛𝚢 𝚕𝚒𝚝𝚝𝚕𝚎 𝚝𝚑𝚒𝚗𝚐 𝚏𝚘𝚛 𝚢𝚘𝚞𝚛𝚜𝚎𝚕𝚏 𝚋𝚢 𝚖𝚊𝚔𝚒𝚗𝚐 𝚝𝚑𝚎 𝚠𝚛𝚘𝚗𝚐 𝚌𝚑𝚘𝚒𝚌𝚎.

Edit: Wow, that's freaky. The message actually displays just fine. But clicking on the preview button doesn't work.

This is what I get when previewing the message before posting it.
https://i.imgur.com/HeFmsRa.png


Title: Re: New Ledger phishing mail targets individual users
Post by: o_e_l_e_o on January 15, 2021, 01:50:44 PM
Those characters are unicode, which is why they don't show up in preview. The same is true of any unicode, such as custom emojis like this one - 😀


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on January 15, 2021, 07:07:04 PM
But it's "OK"... Ledger are now going to delete all our personal data "as fast as possible": https://www.ledger.com/blog/update-efforts-to-protect-your-data-and-prosecute-the-scammers

I assume that includes the data of the extra 20,000 victims of the Shopify leak that have come to light ::) ::)


Ledger Stable|ClosedStableDoor --------------------------> Personal Info Horse ::)


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on January 16, 2021, 07:56:59 AM
Those characters are unicode, which is why they don't show up in preview. The same is true of any unicode, such as custom emojis like this one - 😀
All right, thanks for explaining o_e_l_e_o!

But it's "OK"... Ledger are now going to delete all our personal data "as fast as possible"
It is really a ridiculous report. Ledger deleting customer's personal data after a huge leak is like starting to wear condoms for your own protection after being infected with AIDS. Very useful.

I assume that includes the data of the extra 20,000 victims of the Shopify leak that have come to light ::) ::)
I don't think Ledger can be held responsible for the data that Shopify customer service reps stole. Some people are suggesting they are. They can be held responsible for using and trusting Shopify with their customer's private data, but not what happens on Shopify.


Title: Re: New Ledger phishing mail targets individual users
Post by: ETFbitcoin on January 16, 2021, 11:58:15 AM
Those characters are unicode, which is why they don't show up in preview. The same is true of any unicode, such as custom emojis like this one - 😀

But why would people with bad intentions do it? Wouldn't it make the email more likely to be filtered by the spam filter feature?

But it's "OK"... Ledger are now going to delete all our personal data "as fast as possible": https://www.ledger.com/blog/update-efforts-to-protect-your-data-and-prosecute-the-scammers

At least it's useful for Ledger customers who're not affected by previous data leaks and future Ledger customers, assuming they actually and successfully do it.


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on January 16, 2021, 07:00:48 PM
Those characters are unicode, which is why they don't show up in preview. The same is true of any unicode, such as custom emojis like this one - 😀

But why would people with bad intentions do it? Wouldn't it make the email more likely to be filtered by the spam filter feature?
Possibly the opposite depending on how advanced the spam filter is. By making it unicode, it's possible that a lot of the more basic "keyword" type spam filters will be unable to actually scan the message.

It is a strange tactic tho... because it seems like their instructions to copy/paste and remove the ^^'s might fail if you try and copy/paste the message into apps that don't support unicode characters etc.


Quote
At least it's useful for Ledger customers who're not affected by previous data leaks and future Ledger customers, assuming they actually and successfully do it.
And also something they should have been doing from the very start... or at least encrypting stored data ::) They should know that... I mean, they work in the "cryptosphere" FFS! ::)
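
The keyword-filter point made in the post above, as an added example that is not part of any post in this thread: text written in Mathematical Monospace code points (the characters in the quoted email) is invisible to a plain substring filter, matches again after NFKC normalization, and the share of such characters is itself a usable signal. The keyword list, the threshold and the sample sentence are constructed assumptions.

```python
import unicodedata

# Unicode block "Mathematical Alphanumeric Symbols" (U+1D400..U+1D7FF).
MATH_BLOCK = range(0x1D400, 0x1D800)

# Constructed keyword list for the demonstration.
KEYWORDS = ("btc", "twenty four hours", "personal data")


def to_monospace(text):
    """Build constructed test input: map ASCII letters and digits to the
    Mathematical Monospace code points, leave everything else unchanged."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr(0x1D670 + ord(ch) - ord("A")))
        elif "a" <= ch <= "z":
            out.append(chr(0x1D68A + ord(ch) - ord("a")))
        elif "0" <= ch <= "9":
            out.append(chr(0x1D7F6 + ord(ch) - ord("0")))
        else:
            out.append(ch)
    return "".join(out)


# Constructed sample, not the text of the email quoted in the thread.
SAMPLE = to_monospace(
    "Send me 0.3 BTC within the next twenty four hours "
    "or your personal data will be shared."
)


def naive_match(text, keywords=KEYWORDS):
    """Basic keyword filter: lowercase and search for substrings.
    The styled code points have no case mapping and are not ASCII,
    so nothing matches."""
    lowered = text.lower()
    return [k for k in keywords if k in lowered]


def normalized_match(text, keywords=KEYWORDS):
    """Same filter after NFKC, which folds the styled letters and digits
    back to their ASCII compatibility equivalents."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return [k for k in keywords if k in folded]


def styled_ratio(text):
    """Fraction of letters/digits drawn from the mathematical block."""
    alnum = [c for c in text if c.isalnum()]
    if not alnum:
        return 0.0
    return sum(ord(c) in MATH_BLOCK for c in alnum) / len(alnum)


def classify(text, keywords=KEYWORDS, ratio_threshold=0.5):
    """Combine both signals: keyword hits on normalized text, and whether
    the message hides its wording behind styled code points."""
    return {
        "naive_hits": naive_match(text, keywords),
        "normalized_hits": normalized_match(text, keywords),
        "obfuscated": styled_ratio(text) >= ratio_threshold,
    }


if __name__ == "__main__":
    print(classify(SAMPLE))
    print(classify("Your order has shipped."))
```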


Title: Re: New Ledger phishing mail targets individual users
Post by: ETFbitcoin on January 17, 2021, 09:25:27 AM
But why would people with bad intentions do it? Wouldn't it make the email more likely to be filtered by the spam filter feature?
Possibly the opposite depending on how advanced the spam filter is. By making it unicode, it's possible that a lot of the more basic "keyword" type spam filters will be unable to actually scan the message.

That makes sense

It is a strange tactic tho... because it seems like their instructions to copy/paste and remove the ^^'s might fail if you try and copy/paste the message into apps that don't support unicode characters etc.

I tried creating a watch-only wallet by copying the address from @Pmalek's post and, as you expected, it failed. But at least a few people will have second thoughts about sending the Bitcoin to the scammer.

Quote
At least it's useful for Ledger customers who're not affected by previous data leaks and future Ledger customers, assuming they actually and successfully do it.
And also something they should have been doing from the very start... or at least encrypting stored data ::) They should know that... I mean, they work in the "cryptosphere" FFS! ::)

Ledger proves that working in a certain field doesn't mean you're an expert in that field or use it outside your core business.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on March 13, 2021, 07:34:07 AM
It seems that the situation with phishing emails is slowing down. Me and my friend haven't seen any new scamming attempts for weeks. But the scammers aren't asleep and they are trying new things. I just noticed one example that ended up in a spam folder on an email address that is not connected with my Ledger purchase. The mail was sent 2 days ago.   

They are now expanding the scope of their activities to Trezor users hoping that the same group that purchased Ledger hardware wallets, own Trezor devices as well. The content of the email is pretty much the same. Customers are informed that Trezor servers have been hacked and infected with malware. To prevent the loss of funds, they instruct users to download updated software and input their seed phrases.

https://i.imgur.com/RXHmO04l.png


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on April 27, 2021, 05:21:54 PM
So someone mentioned there was a leak of a few hundred dollar thousand addresses.  Is there a link to this? 


Then again, having an article or link that shows the addresses of everyone... how is that good at all?


Anyone check that site and tell me if their address was on there or not?


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on April 27, 2021, 09:24:55 PM
There is a "Search engine" for the database leak here: https://www.argent.xyz/ledgerhack/

You simply enter your email address associated with your Ledger purchase and it will tell you if:

a. it didn't find that email address at all
b. it found only your email address in the leaked data
c. it found your email address and other details like address and phone number etc in the leaked data


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on April 27, 2021, 10:15:22 PM
There is a "Search engine" for the database leak here: https://www.argent.xyz/ledgerhack/

You simply enter your email address associated with your Ledger purchase and it will tell you if:

a. it didn't find that email address at all
b. it found only your email address in the leaked data
c. it found your email address and other details like address and phone number etc in the leaked data


Thanks for that information.  But its for sure putting your email here won't do anything bad to it right? 


I'm curious but for people here... did most of you find your email address leaked or not and did some of you have other things like address and phone number leaked? I mean... email isn't that big of a deal... but then again if you keep getting ledger scam emails, isn't it obvious your email was leaked?


And obviously phone leak is not that bad... but address leak is obviously the worst etc.


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on April 27, 2021, 11:16:14 PM
They say they won't store your email address... at worst, they might be creating their own list of "ledger owner email addresses"... at best they're doing the community a favour. Up to you to decide if you trust them or not. :P

Email address isn't a "huge" deal... they're easy enough to change and/or filter... you'll just get spam... and likely face hacking attempts on your email accounts (make sure your passwords are strong!)

Phone number is relatively annoying... not so easy to change and/or filter... people are being bombarded with texts and robo-calls. Also, opens you up to the possibility of "sim swap" attack, so any SMS based 2FA could be at risk.

Address is "dangerous"... at the very extreme, you could potentially face the threat of home invasion. :-\


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on April 28, 2021, 10:14:22 AM
But its for sure putting your email here won't do anything bad to it right? 
Security-wise, nothing can happen to your email address if you enter it there or on sites like haveibeenpwned. It might not be the best thing to do from a privacy perspective. Whoever created the site can connect anyone who enters his email there as being an owner of a Ledger device. Why else would you search his database?

Have you received targeted phishing emails already? If you have, your data has probably been leaked. If not, no reason to search the database because if your info was public somewhere, I doubt you could have gone this far without receiving some kind of crap. What this source can show you is if only your email got leaked, or more of your private info.


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on April 28, 2021, 03:10:19 PM
But its for sure putting your email here won't do anything bad to it right? 
Security-wise, nothing can happen to your email address if you enter it there or on sites like haveibeenpwned. It might not be the best thing to do from a privacy perspective. Whoever created the site can connect anyone who enters his email there as being an owner of a Ledger device. Why else would you search his database?

Have you received targeted phishing emails already? If you have, your data has probably been leaked. If not, no reason to search the database because if your info was public somewhere, I doubt you could have gone this far without receiving some kind of crap. What this source can show you is if only your email got leaked, or more of your private info.


Yes i know about that on the haveibeenpwned site.  But i wonder if entering email address on the one hcp posted would be good or not because wouldn't they record any email address typed in though even though it says it won't?  Like if someone enters an email address on that site...its because well they want to see if their info is there which mean they own a ledger.  So you are saying anyone that put their email address in it... surely that person can see every email entered right?


I received targeting phishing emails a while back... the ones where it say we see your ledger has been logged in russia or some country like that etc.  Also i receive ton of crypto like spam email... but its possibly that is coincidence?  I got to assume maybe even regular people receive ton of that spam mail nowadays?




Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on April 29, 2021, 07:25:45 AM
Also i receive ton of crypto like spam email... but its possibly that is coincidence?  I got to assume maybe even regular people receive ton of that spam mail nowadays?
My partner, who knows pretty much nothing about crypto (other than the fact that some of my crypto bought her some amazon giftcards for her B'day :P) gets emails every other day about Doge or Crypto.com or "DeFi" or <insert crypto "scam" here> etc... ::)


Title: Re: New Ledger phishing mail targets individual users
Post by: bct_ail on April 29, 2021, 09:12:43 AM
Also i receive ton of crypto like spam email... but its possibly that is coincidence?  I got to assume maybe even regular people receive ton of that spam mail nowadays?
My partner, who knows pretty much nothing about crypto (other than the fact that some of my crypto bought her some amazon giftcards for her B'day :P) gets emails every other day about Doge or Crypto.com or "DeFi" or <insert crypto "scam" here> etc... ::)

And I get emails that I have watched adult movies and they recorded it on webcam. But that can't be possible because I don't have a Webcam.......at that PC.  :D
Once the scammers have your email address you get bombarded with spam emails.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on April 29, 2021, 10:41:00 AM
But i wonder if entering email address on the one hcp posted would be good or not because wouldn't they record any email address typed in though even though it says it won't?
That is a possibility, yes. No one can tell you that with certainty. Only the owner of the site can, and he can lie about it. If you think your data has been leaked, make a search to see what exactly is out there. But don't do it just to cure your curiosity.

I received targeting phishing emails a while back... the ones where it say we see your ledger has been logged in russia or some country like that etc.
That's different. Spam mails like that were sent even before the Ledger hack. Have you received the type of emails described in this thread? The ones telling you your assets are at risk, and you need to download a new version of the LL software?


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on April 29, 2021, 08:14:03 PM
But i wonder if entering email address on the one hcp posted would be good or not because wouldn't they record any email address typed in though even though it says it won't?
That is a possibility, yes. No one can tell you that with certainty. Only the owner of the site can, and he can lie about it. If you think your data has been leaked, make a search to see what exactly is out there. But don't do it just to cure your curiosity.

I received targeting phishing emails a while back... the ones where it say we see your ledger has been logged in russia or some country like that etc.
That's different. Spam mails like that were sent even before the Ledger hack. Have you received the type of emails described in this thread? The ones telling you your assets are at risk, and you need to download a new version of the LL software?



I don't believe i received that email of your assets are at risk and you need to download new version of ledger live.... i dont believe so but i will check.


But if you receive that, very good chance the other things are leaked then right?


Title: Re: New Ledger phishing mail targets individual users
Post by: HCP on April 30, 2021, 03:39:28 AM
Not necessarily... like I said, my partner who has never been to any crypto related site ever gets "Warnings" that her crypto wallet is at risk. With cryptocurrency getting a lot more mainstream, the spammers are, as always, just playing a numbers game...

Hell, I get warnings that my <insert exchange/service that I have never used> account is blocked and I need to click on this link to fix etc.

Granted, getting the emails from the leaks isn't particularly difficult... all the data is out there... and targeting those emails is likely going to get "better" results for a scammer than blindly emailing random email addresses... but those types of emails are not exclusive to the emails in the leaked data.


Title: Re: New Ledger phishing mail targets individual users
Post by: jerry0 on May 02, 2021, 06:12:25 PM
What i do know is my email when i put it on that site of haveibeenpwned.com does show yes though.


But of course im not sure putting my ledger email in that site is thus safe etc.


So I guess if you didn't get that specific email message of you need to download ledger live and update it... then most likely you are fine? Now anyone here get any spam to phone number though? Since it's been said phone number could be leaked?


Title: Re: New Ledger phishing mail targets individual users
Post by: bL4nkcode on May 02, 2021, 06:17:50 PM
What i do know is my email when i put it on that site of haveibeenpwned.com does show yes though.


But of course im not sure putting my ledger email in that site is thus safe etc.


So I guess if you didn't get that specific email message of you need to download ledger live and update it... then most likely you are fine? Now anyone here get any spam to phone number though? Since it's been said phone number could be leaked?
If it showed "Oh no — pwned!" then most probably your email was used to register on some websites that have been breached before and was recorded on haveibeenpwned database or sources.

What you should avoid is clicking any links sent to you, especially messages on your spam folder.


Title: Re: New Ledger phishing mail targets individual users
Post by: Pmalek on May 02, 2021, 06:22:28 PM
So I guess if you didn't get that specific email message of you need to download ledger live and update it... then most likely you are fine?
You would have gotten multiple email messages by now if your email was among the leaked ones. They can't have possibly missed you when the amount of spam even spilled over to email addresses that weren't part of the database hack.

Now anyone here get any spam to phone number though?  Since its been said phone number could be leaked?
It's irrelevant to you and that information can't help you in any way. My name was in the database hack together with personal details of my friend who received the package in my name. His phone number is in there, but he has not received any SMS messages or spam calls. Even if he did, it doesn't impact you in any way. He has received dozens of emails though.