bitcoinst (OP)
|
|
July 29, 2020, 03:52:56 PM |
|
Ledger Hardware Crypto Wallet Team Disclosed Data Breach, 1 Mln Users' Data Under Attack
On July 29, 2020, the team behind the Ledger products revealed that a critical vulnerability had been disclosed two weeks ago in the Ledger e-commerce database. It has mostly affected the email addresses of Ledger purchasers, but it has also affected some personal information. As announced by the Ledger team in their recent official statement, a participant in the Ledger bounty program contacted them on July 14 with information about a security breach. It was immediately fixed, but then the experts disclosed that the system had been further exploited on June 25. A third-party attacker accessed the segments of e-commerce and promotional databases holding the email addresses of customers. Additionally, 9,500 users were exposed to a leak of order details: name, street address, phone number and the details of what they ordered. During the investigation, Ledger's officers found out that the malefactor abused the API key. This API key was immediately deactivated and is no longer accessible.
https://cryptocomes.com/news/ledger-hardware-crypto-wallet-team-disclosed-data-breach-1-mln-users-data-under-attack
|
|
|
|
wxa7115
|
|
July 29, 2020, 05:03:52 PM |
|
This is without a doubt very troubling information. Even if they are assuring their customers their funds are safe, and I think they are right, several attack vectors are now opened. First of all, 9500 people are going to at least be exposed as holders of cryptocurrencies and their identities could be stolen and sold on the black market. I wonder why Ledger does not delete personal information from their servers after a few weeks or months to limit the scope of a possible data breach like this one.
The second issue is that we are bound to see a bunch of phishing attacks against Ledger customers asking for their private keys or their seed words, and unfortunately many will fall for it, losing a fortune in the process.
And finally, the reputation and the sales of Ledger will suffer; anyone on the fence thinking about whether they will get a Ledger or a Trezor will probably prefer to pick a Trezor until things calm down.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
July 29, 2020, 05:25:20 PM |
|
People have been saying "just buy a hardware wallet" for a long time, but it has always been less than a perfect solution, because some centralization and trust has always been involved, and now it was abused. Now potential burglars and kidnappers have a list of people who own some bitcoins, and something like this will never happen with a software wallet, because it doesn't ask you for your personal information during installation.
IMO an old PC with live OS like Tails is the best cold storage you can get.
|
|
|
|
HardFacts
Member
Offline
Activity: 434
Merit: 29
|
|
July 29, 2020, 06:03:14 PM |
|
|
|
|
|
desticy
Sr. Member
Offline
Activity: 1512
Merit: 292
www.cd3d.app
|
|
July 29, 2020, 06:22:26 PM |
|
Is it just me or did you say Ledger is centralised? Do you think anyone would use Ledger wallet if the data of private keys and user access keys were stored on their servers? Hardware wallets store private keys internally, which eliminates the possibility of users' private keys leaking into the network. The point is that only you own the keys to your wallet, which means that all that hackers can get is your geo data (if you entered it) and your email. Those whose data has leaked now should be wary of phishing emails.
|
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1598
|
|
July 29, 2020, 06:54:02 PM |
|
People have been saying "just buy a hardware wallet" for a long time, but it has always been less than a perfect solution, because some centralization and trust has always been involved, and now it was abused. Now potential burglars and kidnappers have a list of people who own some bitcoins, and something like this will never happen with a software wallet, because it doesn't ask you for your personal information during installation.
IMO an old PC with live OS like Tails is the best cold storage you can get.
I highly doubt all these people have a lot of money stored on their Ledger. As a burglar, choosing someone off this list could be a very big hit or, more likely, a very big miss. I mean, you could get a Ledger from authorized resellers without having to fill in any personal detail. This is still an option. The customer leak could happen to any other shop just as easily. There can't really be online shops without trust and centralization.
|
|
|
|
Mpamaegbu
Legendary
Offline
Activity: 2856
Merit: 1232
Once a man, twice a child!
|
|
July 29, 2020, 07:21:21 PM |
|
From all indications, what this hack has proved is that no system made by man is foolproof. If man makes it, man can also break it. Before now a lot of people were up defending Ledger as the best hardware crypto wallet and the best thing to have happened to man after the discovery of bread and butter. Now we know that Ledger is also vulnerable. However, I sincerely hope its customers are safe with all the leaked addresses and emails. At least, they don't have to be looking over their shoulders to check who is trailing them or not.
|
|
|
|
bolawin
Copper Member
Jr. Member
Offline
Activity: 246
Merit: 7
buy bitcoin, hodl bitcoin
|
|
July 29, 2020, 09:38:26 PM |
|
If your email is leaked, expect to see a lot of spam investment offers in your inbox.
|
|
|
|
aundroid
Legendary
Offline
Activity: 1232
Merit: 1247
|
|
July 29, 2020, 10:40:06 PM |
|
If you haven't received another mail until 5 pm CET today, at least you don't belong to the 9500 customers whose personal information has been leaked. This was announced by the official Ledger Twitter account today.
There is now also a FAQ section on the website: https://support.ledger.com/hc/en-us/articles/360015559320?s=09
|
|
|
|
Bitstarzisascam
Jr. Member
Offline
Activity: 62
Merit: 4
|
|
July 29, 2020, 10:54:09 PM |
|
Now we're going to hear news that people are getting robbed and threatened to hand over their Ledger and the keys.
|
|
|
|
LogitechMouse
Legendary
Offline
Activity: 2604
Merit: 1045
Need A Campaign Manager? | Contact Little_Mouse
|
|
July 29, 2020, 11:42:01 PM |
|
~
So you are saying that whenever you use a hardware wallet, your Bitcoins are now being put in a centralized entity like the Ledger owner? The fact that you have your own keys is proof that what you are saying is nothing close to the topic being shared here. It's just the personal information that is being leaked and nothing related to the holdings of investors, private keys etc. The only problem with this is when these hackers send some phishing links to different emails; that is the time when they will be hacked, if they fall for these traps.
|
|
|
|
bbc.reporter
Legendary
Offline
Activity: 3094
Merit: 1483
|
|
July 29, 2020, 11:51:31 PM |
|
If your email is leaked, expect to see a lot of spam investment offers in your inbox.
Also, assume that your name, phone no. and postal address information is somewhere in the darknet together with 999,999 other names and other information hehehe. The hackers should create a darknet public contacts list similar to a phonebook hehe.
|
|
|
|
pixie85
|
Now we're going to hear news that people are getting robbed and threatened to hand over their Ledger and the keys.
You think that someone will break into your house and attack you because they know you bought a Ledger? Most Ledger users have more valuable stuff in their houses than on their wallets.
How are you going to know if:
- The buyer bought it for themselves and not to give away or sell?
- The buyer holds a lot of coins?
You could end up breaking into someone's home and risking getting shot or stabbed to learn that they sold it, gave it to a friend or have just $1000 or something like that in cryptocurrencies. The wedding rings most people have on their fingers all the time can be worth more than that.
I have a Ledger and it wasn't bought on their site so I don't care.
|
|
|
|
philipma1957
Legendary
Online
Activity: 4284
Merit: 8728
'The right to privacy matters'
|
|
July 30, 2020, 12:42:03 AM |
|
Now we're going to hear news that people are getting robbed and threatened to hand over their Ledger and the keys.
You think that someone will break into your house and attack you because they know you bought a Ledger? Most Ledger users have more valuable stuff in their houses than on their wallets.
How are you going to know if:
- The buyer bought it for themselves and not to give away or sell?
- The buyer holds a lot of coins?
You could end up breaking into someone's home and risking getting shot or stabbed to learn that they sold it, gave it to a friend or have just $1000 or something like that in cryptocurrencies. The wedding rings most people have on their fingers all the time can be worth more than that.
I have a Ledger and it wasn't bought on their site so I don't care.
You make a very good point here which is being missed by most posters. To bring up a similar case of compromised email: Bitmain was hacked and thousands of customers' emails, home addresses and gear purchased were leaked. I purchased 100 plus pieces of Bitmain gear. Does that hack mean many people will come to my home? Not likely. But if I owned a Ledger I would not have all my coins on it any more.
|
|
|
|
OcTradism
|
|
July 30, 2020, 01:21:33 AM |
|
Is it official news on data breach and I don't know the severity of the breach. It needs more time to confirm how serious it is, but from what I see in the news, 1 mil. users is the number reported, but we don't know the real one, how big it is. The only thing I see and learn from it is "Not your keys, not your bitcoin".
What to do next, from now on, if you care about your funds and about the same kind of breach in the future (not only on Ledger but also on any other exchanges or platforms)?
- Avoid KYC as much as possible: Why KYC is extremely dangerous – and useless
- Try to use good non-custodial wallets such as Electrum, because you will have full control of your private keys, wallets and funds. Be your own bank this way.
|
|
|
|
Wexnident
|
|
July 30, 2020, 01:30:03 AM |
|
The announcement is nice and all but hmm, wouldn't some people take advantage of this and send spam mail? I mean, IF, just if, they were able to access a duplicate copy of the email and send them towards the affected, they could potentially dupe them into clicking their scam site or something. That is, providing they don't really read the email carefully and notice that the email was a fake Ledger email. Though chances are small, there's still a chance.
~
Such information would rather be used for scamming people imo. Looking up their identity, creating fake accounts, setting up the scheme etc. would be the actions hackers would've done instead of robbing houses. Hackers are hackers for a reason: they fight on the internet, not in the real world. And besides, I don't think I've heard of a robbery that required so many details. Just the fact that you needed to ask the person for his Ledger key is enough of a reason to doubt whether you should even do it, since it's a huge risk compared to a normal robbery where you just take as much money or jewels in the house as possible.
|
|
|
|
crwth
Copper Member
Legendary
Offline
Activity: 2926
Merit: 1280
https://linktr.ee/crwthopia
|
|
July 30, 2020, 01:35:11 AM |
|
I have received an email with regards to that, so I'm quite thankful, in a way, to know that they are handling it carefully and letting people know the current situation. Because of the fact that many people need to give an address and name to get your device, it's inevitable, and it is all because of the security and bugs in the system. At least they are doing bug bounty programs for improvement and found that bug.
You can't get the ease of use when having a hardware wallet compared to creating an air-gapped laptop and opening it continuously just to transact.
|
|
|
|
ranochigo
Legendary
Offline
Activity: 3038
Merit: 4420
Crypto Swap Exchange
|
|
July 30, 2020, 02:26:52 AM |
|
The announcement is nice and all but hmm, wouldn't some people take advantage of this and send spam mail? I mean, IF, just if, they were able to access a duplicate copy of the email and send them towards the affected, they could potentially dupe them into clicking their scam site or something. That is, providing they don't really read the email carefully and notice that the email was a fake Ledger email. Though chances are small, there's still a chance.
That's specifically what the leaked information would be used for. Given the sensitive information being leaked, attackers could potentially use the information to craft more personalised phishing emails for the victims. Even if it isn't, the sensitive information could also be used in SE attacks against companies. Fortunately, the data breach is not that severe, only impacting their merchant information. At the same time, I don't think it's necessary for Ledger (or any other hardware wallet manufacturer) to keep sensitive information of their customers for long periods of time. I would have expected information to be scrubbed regularly.
|
|
|
|
squatter
Legendary
Offline
Activity: 1666
Merit: 1196
STOP SNITCHIN'
|
|
July 30, 2020, 05:17:34 AM |
|
Does anyone have some information on what the more detailed email contains for one of the 9,500 that have been affected? I assume it is something along the lines of your personal data was one of the few taken, blah blah blah, investigators are on the case, etc etc.
I found this on Reddit:
Security Notice - Your detailed personal information has been exposed
Dear client,
On the 14th of July 2020, a computer researcher that participated in our bug bounty program notified us of a potential data breach on the Ledger website. We immediately fixed the breach after receiving the researcher’s report and undertook an internal and external investigation of the situation. While conducting the investigation, we discovered an unauthorized third party had gained access to customer information.
While the majority of the data breach concerned email addresses, we regret to inform you that you are part of the approximately 9500 customers whose detailed personal information were accessed by the unauthorized third party. Specifically, your name and surname were exposed.
This data breach is not linked to our hardware wallets’ security and your cryptocurrency funds are safe. Due to our detailed security measures, attackers cannot steal your sensitive information like your recovery phrase and private keys. You are the only one in control and able to access this information.
We deeply apologize for this security breach and are working with law enforcement to undergo an investigation.
Pascal Gauthier, Ledger CEO
The person who received this email only had their name leaked. I assume others will have received emails stating that their phone numbers or home addresses were compromised too.
|
|
|
|
UserU
|
|
July 30, 2020, 05:27:45 AM |
|
If your email is leaked, expect to see a lot of spam investment offers in your inbox.
In times like these, I wouldn't mind multiplying my Bitcoin with the likes of Elon Musk
|
|
|
|
|