Bitcoin Forum
March 28, 2024, 03:27:00 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Ledger Security Notice-Ecommerce and Marketing data have been exposed-Funds Ok  (Read 285 times)
DdmrDdmr (OP)
Legendary
*
Offline Offline

Activity: 2268
Merit: 10633


There are lies, damned lies and statistics. MTwain


View Profile WWW
July 29, 2020, 07:28:18 AM
Last edit: July 29, 2020, 07:41:25 AM by DdmrDdmr
Merited by Coyster (1), BIT-BENDER (1), jademaxsuy (1)
 #1

I normally do not like posting anything that is little more than a copy/paste + link, but this case justifies me doing so:

https://www.ledger.com/addressing-the-july-2020-e-commerce-and-marketing-data-breach

Quote

Our ecommerce and marketing database leaked, we immediately fixed the breach. Contact and order details were involved. Your funds are safe.
 

What happened?

On the 14th of July 2020, a computer researcher that participated in our bug bounty program notified us of a potential data breach on the Ledger website. We immediately fixed the breach after receiving the researcher’s report and undertook an internal and external investigation of the situation. While conducting the investigation, we discovered an unauthorized third party had gained access to customer information.  
 

What personal information was involved?

Contact and order details were involved. This is mostly the email address of our customers. Further to investigating the situation we have also been able to establish that, for a subset of customers were also exposed: first and last name, postal address, phone number and ordered products. Due to the scope of this breach and our commitment to our customers, we have decided to inform all of our customers about this situation.

Payment information, credentials (passwords) or crypto funds are not impacted by this data breach. This data breach has no link nor impact on our hardware wallets and the Ledger Live application. Your crypto assets are safe and are not in peril.
 

What we have done, what we are doing

We have taken immediate action on 14th of July 2020, to resolve the data breach.

On the 17th of July, we notified the CNIL -- the French Data Protection Authority -- about this data breach and are continuing to work with authorities throughout the legal process.

We are continuously monitoring for evidence of our customers’ contact details being disclosed on the internet, and have found none thus far. We also performed an internal penetration test.

We are currently in the process of filing a complaint before the French public prosecutor regarding the unauthorized access and we will support law enforcement investigation.

We are extremely regretful for this incident. We take privacy very seriously, and we sincerely apologize for the inconvenience this matter may cause you.
 

What you can do

We recommend you exercise caution -- always be mindful of phishing attempts by malicious scammers.

As a reminder, Ledger will never ask you for the 24 words of your recovery phrase. If you receive an email that looks like it came from Ledger asking for your 24 words, you should definitely consider it a phishing attempt.

We suggest you visit Ledger Academy security section to educate yourself on general security principles and more precisely our article about phishing attacks.

Pascal Gauthier, Ledger CEO

If the above is completely true, and facts and scope of the breach are as is, be very wary over the comming days of personalized phising attempts.

It really despise the fact that addresses were leaked. That is unforgivable, and although I do not expect a criminal campaign preceded by a mass sell of 5$ wrenches at warehouses, for a company that works on security, encrypting the DB and storing the keys separately is bloody paramount.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
1711639620
Hero Member
*
Offline Offline

Posts: 1711639620

View Profile Personal Message (Offline)

Ignore
1711639620
Reply with quote  #2

1711639620
Report to moderator
1711639620
Hero Member
*
Offline Offline

Posts: 1711639620

View Profile Personal Message (Offline)

Ignore
1711639620
Reply with quote  #2

1711639620
Report to moderator
1711639620
Hero Member
*
Offline Offline

Posts: 1711639620

View Profile Personal Message (Offline)

Ignore
1711639620
Reply with quote  #2

1711639620
Report to moderator
In order to achieve higher forum ranks, you need both activity points and merit points.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711639620
Hero Member
*
Offline Offline

Posts: 1711639620

View Profile Personal Message (Offline)

Ignore
1711639620
Reply with quote  #2

1711639620
Report to moderator
1711639620
Hero Member
*
Offline Offline

Posts: 1711639620

View Profile Personal Message (Offline)

Ignore
1711639620
Reply with quote  #2

1711639620
Report to moderator
jseverson
Hero Member
*****
Offline Offline

Activity: 1834
Merit: 757


View Profile
July 29, 2020, 07:49:18 AM
 #2

If the above is completely true, and facts and scope of the breach are as is, be very wary over the comming days of personalized phising attempts.

More than that, I would even be wary of being robbed. There are people out there who know you're probably holding a respectable number of coins, what to look for, and where they may find it. If you're one of the customers whose data got leaked, it probably wouldn't hurt to bolster your physical security.

Supply chain attacks have basically been the only real downside in hardware wallet discussions, and I feel like this is another big one that will repeatedly come up in the future. I'm pretty happy I make my own cold wallet.

Coyster
Legendary
*
Offline Offline

Activity: 1974
Merit: 1227


'Life's but a walking shadow'!


View Profile
July 29, 2020, 08:02:44 AM
 #3

More than that, I would even be wary of being robbed. There are people out there who know you're probably holding a respectable number of coins, what to look for, and where they may find it. If you're one of the customers whose data got leaked, it probably wouldn't hurt to bolster your physical security.
jseverson you do have a point there, but this scammers are more of cyber criminals than armed robbers, so a situation of one of those users whose information just got leaked being robbed is imo improbable; that being said, it doesn't mean it cannot happen, but the scammers will try every online means, phishing attempts, impersonations, blackmailing etc, and if it ever gets to a robbery incident, i'll expect the user to have hundreds of thousands (or millions even) in bitcoin, for the scammers to take the risk of being caught now coming in person.





████
████████
██████████
████████████
█░████████
███████████
████████████
██████████
 Ladies.de  ███████████████
████▄▄▄███████▄▄▄▄
▄███████████████████▄
██████████████████
████████████████
▐████████████████▌
░████████████
░███
███████████████
▐████
██████████████▌
░█████
██████████████
██▀███████
█████████▀
███████████████████
██████████████████
▬▬▬▬▬▬▬▬
 LadiesStars  
▬▬▬▬

  

▀▀▀▄▄▄▄▄█████████▄▄▄▄▄▀▀▀
░░▐▌░░▀▀▀▀█▀▀▀▀░░▐▌░░
▀█▄▐▌▄█▀████████▀█▄▐▌▄█▀
▀████▀███████████▀████▀
███████████████
▀████▀███████████▀████▀
▀███▀




███████
btcltcdigger
Hero Member
*****
Offline Offline

Activity: 1974
Merit: 756


To boldly go where no rabbit has gone before...


View Profile
July 29, 2020, 09:41:34 AM
 #4

If the above is completely true, and facts and scope of the breach are as is, be very wary over the comming days of personalized phising attempts.

More than that, I would even be wary of being robbed. There are people out there who know you're probably holding a respectable number of coins, what to look for, and where they may find it. If you're one of the customers whose data got leaked, it probably wouldn't hurt to bolster your physical security.

Supply chain attacks have basically been the only real downside in hardware wallet discussions, and I feel like this is another big one that will repeatedly come up in the future. I'm pretty happy I make my own cold wallet.

Yeah, if they can tie wallets with ledgers, and lesgers with addresses, then some people might have something to be worried about.
Time to lock up ledgers and move them to a safe place i guess

In any case, i'm sure everyone who owns a ledger can expect alot of emails in the following weeks
Maus0728
Legendary
*
Offline Offline

Activity: 1862
Merit: 1551


Bitcoin Casino Est. 2013


View Profile
July 29, 2020, 10:35:55 AM
 #5

Is this somehow related to Ledger(and Trezor) hardware wallet owners: heads up | EDIT: (debunked)?

And yeah $5 wrench attack is a great risk for people who are also living on their household..probably an average bitcoiner. 2 consecutive info breach on Ledger is something to be afraid of LOL. It is also a good idea to shop on Ledger using another location for delivery and a dummy name since I don't think they give importance whether it is true or not.

███▄▀██▄▄
░░▄████▄▀████ ▄▄▄
░░████▄▄▄▄░░█▀▀
███ ██████▄▄▀█▌
░▄░░███▀████
░▐█░░███░██▄▄
░░▄▀░████▄▄▄▀█
░█░▄███▀████ ▐█
▀▄▄███▀▄██▄
░░▄██▌░░██▀
░▐█▀████ ▀██
░░█▌██████ ▀▀██▄
░░▀███
▄▄██▀▄███
▄▄▄████▀▄████▄░░
▀▀█░░▄▄▄▄████░░
▐█▀▄▄█████████
████▀███░░▄░
▄▄██░███░░█▌░
█▀▄▄▄████░▀▄░░
█▌████▀███▄░█░
▄██▄▀███▄▄▀
▀██░░▐██▄░░
██▀████▀█▌░
▄██▀▀██████▐█░░
███▀░░
HeRetiK
Legendary
*
Offline Offline

Activity: 2884
Merit: 2061



View Profile
July 29, 2020, 10:53:31 AM
 #6

More than that, I would even be wary of being robbed. There are people out there who know you're probably holding a respectable number of coins, what to look for, and where they may find it. If you're one of the customers whose data got leaked, it probably wouldn't hurt to bolster your physical security.
jseverson you do have a point there, but this scammers are more of cyber criminals than armed robbers, so a situation of one of those users whose information just got leaked being robbed is imo improbable; that being said, it doesn't mean it cannot happen, but the scammers will try every online means, phishing attempts, impersonations, blackmailing etc, and if it ever gets to a robbery incident, i'll expect the user to have hundreds of thousands (or millions even) in bitcoin, for the scammers to take the risk of being caught now coming in person.

Problem being, these datasets usually get sold on the black market. So while the original attackers might not do physical crime, they very well might sell the data to criminals who do. If you live in a country that's relatively safe to begin with this probably won't affect you, but if you live in an area prone to organized crime you now might have a big target on your back.
Erumo
Member
**
Offline Offline

Activity: 549
Merit: 42


View Profile
July 29, 2020, 11:02:32 AM
 #7

They got owned for 4 days, and only now they announce about it. Not smart. Why not announce it on the day they got exploited and warn users  from giving "24 words of your recovery phrase" to someone.

Not a single word about compensation to 9500 customers. This will strike hard on their reputation. I expect used ledgers appear on the market, as well as discounts in ledger shop.

You mess with the meow meow
You get the peow peow
20kevin20
Legendary
*
Offline Offline

Activity: 1134
Merit: 1597


View Profile
July 29, 2020, 11:37:34 AM
 #8

I wonder if older customers have been affected as well or just recent ones. IIRC, they once said older customers are deleted from their database for security purposes. The fact that it's the second time something like this happens is worrying, to say the least.

I'd say a wrench attack isn't very likely for most customers, but is something they should consider - especially if bigger or more popular names are involved.
DdmrDdmr (OP)
Legendary
*
Offline Offline

Activity: 2268
Merit: 10633


There are lies, damned lies and statistics. MTwain


View Profile WWW
July 29, 2020, 12:29:36 PM
Merited by 20kevin20 (1)
 #9

This information release explains the incident a wee bit further:
 https://www.ledger.com/addressing-the-july-2020-e-commerce-and-marketing-data-breach

If we take it as is:

- The data breach was performed through an unauthorized use of an API Key to access both the Marketing and e-commerce data.

- They figure that 1M email addresses may have been retrieved through the API (I figure they keep logs of API usage, and should be able to be certain of this fact).


- Personal stolen data was delimited to that of 9500 customers (they do not provide a criteria here to know who may be affected by this part of the breach).

- All affected customers have received an email with information on this breach. Therefore, if you’ve received an email such as the one in the OP, you are amongs those breached. There is no information on whether the 9.500 customers that have had their personal data breached, have or have not been explicitly notified of this fact.


The positive side (so as to say) is that the personal data breach is delimited to a very small portion of the database. Emails are going to be used for phising campaigns for sure, so be wary of any email you receive related to ledger: check the sender properly, and contrast with the official Ledger website. Do not panic and rush to providing mnemonics at any time on any site, and do not move to downloading anything related from an external link (i.e. alleged Ledger Live updates).

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
jseverson
Hero Member
*****
Offline Offline

Activity: 1834
Merit: 757


View Profile
July 30, 2020, 02:36:02 AM
 #10

jseverson you do have a point there, but this scammers are more of cyber criminals than armed robbers

To add to what @HeRetiK has already said, hackers are more likely to sell your data rather than use it. Trezor's blog actually covers this:

In most cases, the hacker will not use the data, but instead will sell them to a third party, often called a “broker.” By selling the stolen information, they’re reducing the risk they’re facing compared to the risk of using the data by themselves.

Actually utilizing the hacked data is usually a big operation, and the hackers themselves may not have enough resources to fully take advantage of it. That being said, your data could easily end up with a random person/group within your vicinity, and we have no idea what kind of action they would take. I agree that it's far more likely for them to be used in a social engineering attack, but physical assaults relating to crypto aren't unheard of (and it might even be safe to assume that they're uncommon because attackers aren't aware who HODLs; this dataset can provide them with a full list), so I'd say it's important to highlight this risk.

squatter
Legendary
*
Offline Offline

Activity: 1666
Merit: 1196


STOP SNITCHIN'


View Profile
July 30, 2020, 02:59:23 AM
Merited by DdmrDdmr (2)
 #11

There is no information on whether the 9.500 customers that have had their personal data breached, have or have not been explicitly notified of this fact.

They specified this on Twitter:

Quote
If you are part of the approximately 9500 customers whose detailed personal information - name surname, postal address or phone number - were accessed by the unauthorized third party you have been notified 30 minutes ago.

I guess you can breathe easy if you haven't received an email specifying that you were part of the smaller breach.

This is all very disappointing considering what Ledger is in the business of. This is yet another reminder -- don't reuse email addresses, and use P.O. boxes for sensitive purchases.

jademaxsuy
Full Member
***
Offline Offline

Activity: 924
Merit: 220


View Profile WWW
July 30, 2020, 04:21:31 AM
 #12

Problem being, these datasets usually get sold on the black market. So while the original attackers might not do physical crime, they very well might sell the data to criminals who do. If you live in a country that's relatively safe to begin with this probably won't affect you, but if you live in an area prone to organized crime you now might have a big target on your back.
Yes pretty sure Identities could be use in scamming. There are many individuals being directed as scammers even not really connected to the scam instead it was only his identity being used to prove that they are legit and exposed the victims Identity. This is a very serious problem in the future. It is because identities can be use and tag to a scam activities. This is even common to facebook where many users are copying pictures and identity of others then selling. The hard part is that identity is not the true identity of the scammer.
cryptoaddictchie
Legendary
*
Offline Offline

Activity: 2030
Merit: 1315



View Profile
July 30, 2020, 04:54:02 AM
 #13

Ive received too the security notice from Ledger, but checking in on their social media how to know if I were part of those. I think my information were safe. At first I thought the mailed was a spam email but checking the social media and it did sync in that they were breached.


Quote
If you are part of the approximately 9500 customers whose detailed personal information - name surname, postal address or phone number - were accessed by the unauthorized third party you have been notified 30 minutes ago.

I guess you can breathe easy if you haven't received an email specifying that you were part of the smaller breach.



Can anyone from ledger users confirm here if ever you got emailed from them about the qoute aboved? I think they should aplogize to those 9500 users who were affected and give them compensation and assurance just in anycase their profile has been caught doing any illegal activity as scammer can used their details.

.BEST..CHANGE.███████████████
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
███████████████
..BUY/ SELL CRYPTO..
Yogee
Sr. Member
****
Offline Offline

Activity: 1498
Merit: 410



View Profile
July 30, 2020, 04:54:15 AM
 #14

I wonder if older customers have been affected as well or just recent ones. IIRC, they once said older customers are deleted from their database for security purposes. The fact that it's the second time something like this happens is worrying, to say the least.
We can't say for sure since they can store customer data for up to 10 years.
Quote
If you purchased a product or a service from us, we may retain some transactional data attached to your Contact Details to comply with our legal, tax or accounting obligations for a maximum 10 years period set forth by French applicable laws, as well as to allow us to manage our rights (for example to assert our claims in Courts) during applicable French statutes of limitations.


Those 9,500 customers affected are probably fuming upon learning their personal data got leaked. I'm not victim blaming or anything but I wonder if they all read what's stated in the Ledger's Privacy Policy?
Quote
Who may we share your information with?

Ledger, its employees and contractors may use some of your personal data strictly as part of their duties and in accordance with this Privacy Policy.

We may also transmit some of your data to third parties such as payment services, infrastructure, logistics, and other services providers.

We enter into contractual arrangements with these third parties to ensure that personal data they could have to process for the provision of their tasks is adequately secured and that your privacy is protected. These providers have privacy policies which you may refer to for information about how they process your information and how to exercise your data subjects’ rights as provided under Applicable Laws. All personal data processed by these third parties shall solely be used to perform the services they provide to us and for the purposes set out in this Privacy Policy.

In certain circumstances and only where required by Applicable Laws, we may disclose some of your data to competent administrative or judicial authorities or any other authorized third party.

- https://shop.ledger.com/pages/privacy-policy

They can request for the erasure of their personal data but the risk was already there when they bought their wallet. I don't think Ledger will ever change their privacy policy but this is something potential customers should be aware of too.


█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█
█                             █
   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄          █
            ▄▄████████▄▄     █
     ▄▄▄▄▄▄██████████████▄   █
          █████▀▀  ▀▀█████▄  █
          █████      ██████  █
          █████▄▄  ▄▄█████▀  █
     ▀▀▀▀▀▀██████████████▀   █
            ▀▀████████▀▀     █
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀          █
█                             █
█▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█
|
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▄██████▀████░███▄██▄
███░████████▀██░████░███
███░████░█▄████▀░████░███
███░████░███▄████████░███
▀██▄▀███░█████▄█████▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
SSC NAPOLI
OFFICIAL EUROPEAN
BETTING PARTNER
|.
ROLLBOTS
|
▄▄███████▄▄
▄███████████████▄
▄███████████████████▄
▄██▀▀▀▀▀▀▀▀▀▀▀▀▀▀█████▄
▄█████████▀████████▀████▄
██████▄▄▄█████▄▄█████████
█████████████████████████
██████▀▀▀█████▀▀█████████
▀█████████▄████████▄████▀
▀██▄▄▄▄▄▄▄▄▄▄▄▄▄▄█████▀
▀███████████████████▀
▀███████████████▀
▀▀███████▀▀
ROLLBIT COIN
TRADE RLB NOW!
|█▀▀▀











█▄▄▄
.
   PLAY NOW   
▀▀▀█











▄▄▄█
Yogee
Sr. Member
****
Offline Offline

Activity: 1498
Merit: 410



View Profile
July 30, 2020, 04:57:18 AM
 #15

Ive received too the security notice from Ledger, but checking in on their social media how to know if I were part of those. I think my information were safe. At first I thought the mailed was a spam email but checking the social media and it did sync in that they were breached.
If you received an official email from them, then you are one of the 9,500 customers affected by the hack.

Please check the sender to be sure if it's actually from Ledger.

█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█
█                             █
   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄          █
            ▄▄████████▄▄     █
     ▄▄▄▄▄▄██████████████▄   █
          █████▀▀  ▀▀█████▄  █
          █████      ██████  █
          █████▄▄  ▄▄█████▀  █
     ▀▀▀▀▀▀██████████████▀   █
            ▀▀████████▀▀     █
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀          █
█                             █
█▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█
|
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▄██████▀████░███▄██▄
███░████████▀██░████░███
███░████░█▄████▀░████░███
███░████░███▄████████░███
▀██▄▀███░█████▄█████▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
SSC NAPOLI
OFFICIAL EUROPEAN
BETTING PARTNER
|.
ROLLBOTS
|
▄▄███████▄▄
▄███████████████▄
▄███████████████████▄
▄██▀▀▀▀▀▀▀▀▀▀▀▀▀▀█████▄
▄█████████▀████████▀████▄
██████▄▄▄█████▄▄█████████
█████████████████████████
██████▀▀▀█████▀▀█████████
▀█████████▄████████▄████▀
▀██▄▄▄▄▄▄▄▄▄▄▄▄▄▄█████▀
▀███████████████████▀
▀███████████████▀
▀▀███████▀▀
ROLLBIT COIN
TRADE RLB NOW!
|█▀▀▀











█▄▄▄
.
   PLAY NOW   
▀▀▀█











▄▄▄█
squatter
Legendary
*
Offline Offline

Activity: 1666
Merit: 1196


STOP SNITCHIN'


View Profile
July 30, 2020, 05:06:56 AM
 #16

Can anyone from ledger users confirm here if ever you got emailed from them about the qoute aboved? I think they should aplogize to those 9500 users who were affected and give them compensation and assurance just in anycase their profile has been caught doing any illegal activity as scammer can used their details.

Ledger doesn't appear to have enough customer information for identity theft. The main concern is phishing given that that 1 million email addresses were compromised. There may be a theoretical chance of $5 wrench attacks, but since there is no association between Ledger customers and actual cryptocurrency holdings -- no way to target big holders -- the chances seem remote.

DdmrDdmr (OP)
Legendary
*
Offline Offline

Activity: 2268
Merit: 10633


There are lies, damned lies and statistics. MTwain


View Profile WWW
July 30, 2020, 07:24:47 AM
 #17

<...>
Ok, thanks. Good to know that those 9.500 customers involved in the personal data breach were explicitly informed on which specific data was involved. This was done through a second email, distinct from the one reflected in the OP, which was sent to the 1M breached emails.

I’ve skimmed through the whole twitter conversation, and have found one reference from a person who allegedly bought his Ledger device 3 years ago, and received the above described second email. If the case is true, the pattern (which is not revealed) does not circumscribe to those that made a recent purchase (as some people speculated there).

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
mk4
Legendary
*
Offline Offline

Activity: 2716
Merit: 3816


🪸 NotYourKeys.org 🪸


View Profile
July 30, 2020, 08:28:27 AM
 #18

Ladies and gentlemen, if you have have been a customer of Ledger and you got their products delivered in your home, now might be the perfect time for you to learn about $5 wrench attacks.



█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Coyster
Legendary
*
Offline Offline

Activity: 1974
Merit: 1227


'Life's but a walking shadow'!


View Profile
July 30, 2020, 08:46:06 AM
Last edit: July 30, 2020, 08:58:21 AM by Coyster
 #19

Could it have been the work of "hackers" from government supported agencies which have more effective tools  than $5 wrenches?
No, the chances it was the government who did this, hacking into the ledger system and stealing users email addresses is almost nil in my opinion, some governments obviously may not support crypto, but they also don't sell people's email addresses in the black market or try to scam through phshing mails, the hack surely is the work of scammers who have always targeted crypto (bitcoin) users ever since its value skyrocketed.
Ladies and gentlemen, if you have have been a customer of Ledger and you got their products delivered in your home, now might be the perfect time for you to learn about $5 wrench attacks.
I'm so sure ledger users will be getting extremely paranoid atm, i also want to add that should the hackers sell this data to people who can actually do physical damage, it will be carried out many months from now, not at this time the issue is still 'hot topic', so those 'breached' users should up their guard, not just for the meantime, but for many months to come





████
████████
██████████
████████████
█░████████
███████████
████████████
██████████
 Ladies.de  ███████████████
████▄▄▄███████▄▄▄▄
▄███████████████████▄
██████████████████
████████████████
▐████████████████▌
░████████████
░███
███████████████
▐████
██████████████▌
░█████
██████████████
██▀███████
█████████▀
███████████████████
██████████████████
▬▬▬▬▬▬▬▬
 LadiesStars  
▬▬▬▬

  

▀▀▀▄▄▄▄▄█████████▄▄▄▄▄▀▀▀
░░▐▌░░▀▀▀▀█▀▀▀▀░░▐▌░░
▀█▄▐▌▄█▀████████▀█▄▐▌▄█▀
▀████▀███████████▀████▀
███████████████
▀████▀███████████▀████▀
▀███▀




███████
mk4
Legendary
*
Offline Offline

Activity: 2716
Merit: 3816


🪸 NotYourKeys.org 🪸


View Profile
July 30, 2020, 09:23:16 AM
 #20

I'm so sure ledger users will be getting extremely paranoid atm, i also want to add that should the hackers sell this data to people who can actually do physical damage, it will be carried out many months from now, not at this time the issue is still 'hot topic', so those 'breached' users should up their guard, not just for the meantime, but for many months to come

Sure it's really likely that the database wouldn't be given to some criminals(or publicly leaked) today or tomorrow, but yea this is something people shouldn't set aside for the meantime and deal with it in the future instead; which I assume people are doing.

Anyway, this shouldn't solely be a $5 wrench issue. The data being publicly available also means the government is going to know which people actually poses bitcoin and cryptocurrencies; which is also definitely a bad thing.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!