Bitcoin Forum
October 17, 2021, 10:12:37 AM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: 1 2 3 4 5 6 7 8 9 [All]
  Print  
Author Topic: New Ledger phishing mail targets individual users  (Read 1714 times)
Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
October 25, 2020, 09:04:11 PM
Merited by suchmoon (4)
 #1

A new and well-written Ledger phishing mail is circulating. What is special about this one is that it is not only well written but it also addresses you with your first name. It is not a mass mail delivered to thousands of email addresses, it has only one receiver and targets one particular recipient. That means that someone who has access to the leaked database of Ledger users is probably sending those mails. 

The scammer claims that malware was detected on Ledger servers and that your crypto assets could be stolen. Anyone who received the mail is affected according to the sender. The mail suggests to download the latest version of Ledger Live. There is a link to it in the email. Users are also told to set up a new pin.

Users of this forum are already experienced enough to recognize this type of scam, but it never hurts to keep an eye out.
The sender of the e-mail is: info@ledgersupport.io

My friend abroad who got my Ledger device delivered to his house sent me this screenshot.






 

1634465557
Hero Member
*
Offline Offline

Posts: 1634465557

View Profile Personal Message (Offline)

Ignore
1634465557
Reply with quote  #2

1634465557
Report to moderator
Some PGP public keys you should import: theymos, Wladimir, Gregory, Pieter
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
October 25, 2020, 11:19:44 PM
 #2

Ledger is reckless and I am not at all surprised to see this, and I even said this was going to happen in July when that shit happened.

Now let's look how Ledger company values our privacy NOT.  Tongue

I did a small website domain search and I found something interesting here Ledger vs Trezor Tracking & Cookie privacy competition

This is not necessarily true. Someone could have access to another leaked database that includes your name, and are sending emails to every email in that database.

If your email is in a database for one major crypto company, there is a good chance that you will also receive mail from another major crypto company.
Dude, he clearly said it was email from his friend abroad who purchased Ledger for him.

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
October 26, 2020, 09:00:01 AM
 #3

@PrimeNumber7
No, that can't be the case here. It can only be the Ledger database that got leaked and here is why. The Ledger database contains my name but my friend's email address. That combination doesn't exist anywhere else, because I have never used his email together with my name, except when I purchased my Ledger. He was the one who received the package, and I registered his email so can be get updates and info about shipping, tracking, etc.

What is interesting is that users on different websites are reporting at least 2 different dates used as the alleged time when malware was discovered on the servers, but the rest of the email is the same.  

Csmiami
Copper Member
Hero Member
*****
Online Online

Activity: 1022
Merit: 902


Yes, I consider myself to be hilarious


View Profile WWW
October 28, 2020, 06:08:13 PM
 #4

I have jsut received an SMS (lmao) from Ledger asking me to update the firmware because "the previous one has a bug". I was surprised that I had not received any email with the phishing attempt, because I had bought a couple of Ledgers back in April, but if no one else confirms they have received a similar message, I think it's safe to assume that they divided the database in 2 to try to reach to more people using different methods?

PS: I assume it's a phishing attempt because the website it asks me to check is https://ledger.legalwebsite (most likely my phone cut the link)
dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
October 29, 2020, 12:00:58 PM
 #5



Ledger company is total bullshit and (no)actions from them after hack/leak they had in July silenced almost all of their supporter or should I say blind believers in this forum Smiley
Everyone who purchased their shit is now bombarded with emails and sms messages, and they still don't admit relations with July hack.
How more stupid they can be, or they just think all their customers are stupid.

LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 1946
Merit: 2428

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
October 29, 2020, 01:35:18 PM
 #6

shit inside


You're lying

They did take actions after the breach, what did you expect from them? To call the army? To send a message to Jesus Christ to come back and punish the culprit?

- They informed the CNIL since the french law requires to do it in such a situation
- They filled a complaint to the authorities
- They informed the customers concerned

Legally, they did everything they needed to do.

As a reminder, it concerned the eCommerce data and had no impact on devices security or whatever

Audited their system with the help of Orange Cyberdefense, still monitoring some stuff, and without posting details here they're taking some others steps


How can you say no action is taken? FYI, no everyone "who purchased their shit" is bombarded with email/SMS. Check your facts before

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
October 29, 2020, 01:39:27 PM
Last edit: October 29, 2020, 01:59:39 PM by dkbit98
 #7

You're lying and full of shit

Thank you for kind words Ledger worshiper  Tongue

I see deluded Ledger believers are still alive, or maybe you are part of stinky Ledger team?

Please show me where they said that all data from customers have been stolen including phone numbers, emails, full names and addresses?

They care more about fucking Bcash and Roger Ver

Here is your fucking shit website:


https://archive.vn/2C1LX

Eat that fork shit and bon appétit


Let's look at official statement from July:
  
Quote
Contact and order details were involved. This is mostly the email address of our customers, approximately 1M addresses. Further to investigating the situation we have also been able to establish that, for a subset of 9500 customers were also exposed, such as first and last name, postal address, phone number or ordered products. Due to the scope of this breach and our commitment to our customers, we have decided to inform all of our customers about this situation.
https://www.ledger.com/addressing-the-july-2020-e-commerce-and-marketing-data-breach

I should believe them that 1 million email addresses is exposed, but only 9500 with other data? Yeah right...

btcwish1
Full Member
***
Offline Offline

Activity: 393
Merit: 108


View Profile
October 29, 2020, 02:21:09 PM
 #8

I received the email today. To be brutally honest, at first glance I thought it was authentic and was sent from Ledger!.

The email is really convincing and copies all the styles and formatting of the original emails from the ledger company. I then checked the 'download' link and then i realized it's a phishing email because the link is clearly not from ledger!.

I am sure lot of innocent newbies will fall for this very phishing email  SIGH Embarrassed
LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 1946
Merit: 2428

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
October 29, 2020, 02:38:12 PM
 #9

...


You're truly full of shit. Funny how now you try to twist the problem you stated. You stated no action has been taken since and I showed otherwise and this is the main point

Check their blog perhaps. I also believe it was stated in the emails sent to customers. And surely all over the web mentioning this news

Quote
I see deluded Ledger believers are still alive, or maybe you are part of stinky Ledger team?

it doesn't interest any user here and there is no point in trying to change the direction of the discussion


Talking about the blog's post regarding Btrash, did you at least read it? Perhaps you should before posting a stupid argument

bob123
Legendary
*
Offline Offline

Activity: 1610
Merit: 2424



View Profile WWW
October 29, 2020, 04:12:39 PM
Merited by LeGaulois (1)
 #10

People receive phishing mails all the time.
What is the big deal with this one?

Just because you bought a ledger and receive a ledger phishing mail?
Customers of coinbase also receive phishing mails "from coinbase". Customers of the bank of america also receive phishing mails.

Checking an email for authenticity is not too hard.
Already the senders address ledgersupport.io is enough to expose that mail as a phishing attempt.
If people don't even check the senders address, then they can be bribed into doing anything via email. They would fall for the classical nigerian prince. Nothing you can do to help those people. They got to learn it the hard way.

Csmiami
Copper Member
Hero Member
*****
Online Online

Activity: 1022
Merit: 902


Yes, I consider myself to be hilarious


View Profile WWW
October 29, 2020, 10:29:27 PM
Merited by dkbit98 (1)
 #11

----
Even if I do agree with everything that has been said, most phishing attempts are usually generic and idiotic most of the times; in this particular case, attacks are targeted, because the scammers had access to the database of the company. And apart from that, there's many things on how the company has handled the situation that are questinable to say the least.

First of all, they did claim that only 9.500 out of 1.000.000 users had more than the email leaked; or that is what I understand here:

Quote from: Ledger
This is mostly the email address of our customers, approximately 1M addresses. Further to investigating the situation we have also been able to establish that, for a subset of 9500 customers were also exposed, such as first and last name, postal address, phone number or ordered products
This is, at least for me, hard to believe. Number seemed too low in comparison, but whatever. Then, there's this:

Quote from: Ledger
Those 9500 customers whose detailed personal information are exposed will receive a dedicated email today to share more details.
Surprise surprise; I've checked back all the emails Ledger sent me around that time, and besides the general email (saying the same that the blog entry says), I did not receive any "dedicated email", but what I have received is a SMS addressing me by the name I provided to the company at the time I made my only purchase to them. This leads me to believe that I was between those alleged 9.500 users, but was never notified.

Now, at no moment I'm saying that people shouldn't be careful when opening links and stuff, and I know there are many ways of getting somehow dedicated phishing attempts; mostly because bad internet browsing habits, but this is a different case. And again, we are not discussing the quality of the attempt.

I will also add that I'm seeking some legal advice to see if I can open a claim against Ledger for the way they've had handled things. First of all, I consider a company that sells hardware wallets should have an above average cybersecurity protocols/development/call it the way you want to call it. It's true that we are human and they can, as any other company can, get hacked and have customer data leaked; but the way they've handled it... that what really bothers me. Once I receive some kind of answer from my advisor, I will either simply update this post, or if there's something that can actually be done, I may create a whole thread just to let affected people know.
dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
October 29, 2020, 10:42:32 PM
 #12

People who are defending company Ledger in this case are probably paid shillers and should not be trusted at all.
Let's hope enough people will sue Ledger for not keeping data safe, and exposing all to hackers.
Their lack on care and privacy for customers can also be seen on their website that is full of adds and trackers:


https://themarkup.org/blacklight?url=www.ledger.com

I will also add that I'm seeking some legal advice to see if I can open a claim against Ledger for the way they've had handled things. First of all, I consider a company that sells hardware wallets should have an above average cybersecurity protocols/development/call it the way you want to call it. It's true that we are human and they can, as any other company can, get hacked and have customer data leaked; but the way they've handled it... that what really bothers me. Once I receive some kind of answer from my advisor, I will either simply update this post, or if there's something that can actually be done, I may create a whole thread just to let affected people know.

I fully support you here.
Better to react now than to wait for them to mess up something more serious like firmware for example.
They need to be much more serious, and not act like bunch of junkies from garage.

My conclusion is that I will never again recommend Ledger wallet to anyone, and will tell people to use alternatives like Trezor.

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
October 30, 2020, 12:28:17 PM
 #13

Surprise surprise; I've checked back all the emails Ledger sent me around that time, and besides the general email (saying the same that the blog entry says), I did not receive any "dedicated email", but what I have received is a SMS addressing me by the name I provided to the company at the time I made my only purchase to them. This leads me to believe that I was between those alleged 9.500 users, but was never notified.
That is worrying. That can mean that they either don't know what was leaked and in what quantities, or they are lying about it so as not to cause further harm to themselves and potentially lose customers.

Another thought. Those official messages that Ledger sent to their users informing them about the security breach, could have been marked as spam by your email client. In that case they would be deleted by now. Hotmail, for example, deletes spam messages after 10 days, but I am not sure if they move them to the trash bin or if they get removed entirely. You say that you checked now, but a lot of time has passed. You don't remember seeing any at the time?  

I will also add that I'm seeking some legal advice to see if I can open a claim against Ledger for the way they've had handled things.
I would be interested to learn what you find out.

Csmiami
Copper Member
Hero Member
*****
Online Online

Activity: 1022
Merit: 902


Yes, I consider myself to be hilarious


View Profile WWW
October 30, 2020, 07:09:37 PM
 #14

That is worrying. That can mean that they either don't know what was leaked and in what quantities, or they are lying about it so as not to cause further harm to themselves and potentially lose customers.
Nothing that would actually surprise me; if the leak was of close to 1.000.000 customers, and EVERYONE was affected, can you imagine the bad press, and even panic that would come? It wouldn't matter that the wallet related information or stuff was still safe, they'd be facing many many loses.

Quote
Another thought. Those official messages that Ledger sent to their users informing them about the security breach, could have been marked as spam by your email client. In that case they would be deleted by now. Hotmail, for example, deletes spam messages after 10 days, but I am not sure if they move them to the trash bin or if they get removed entirely. You say that you checked now, but a lot of time has passed. You don't remember seeing any at the time?  
Altough possible, that is highly unlikely. I have a mail tab always open in one of the monitors I have, and I check every inbox everyday.
o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1442
Merit: 7453


Wear a mask, slow the spread


View Profile
October 31, 2020, 07:34:09 PM
 #15

Surprise surprise; I've checked back all the emails Ledger sent me around that time, and besides the general email (saying the same that the blog entry says), I did not receive any "dedicated email", but what I have received is a SMS addressing me by the name I provided to the company at the time I made my only purchase to them. This leads me to believe that I was between those alleged 9.500 users, but was never notified.
Possibly. Or possibly your email address was enough to de-anonymize you. Between publicly viewable information on Google, Facebook, Instagram, Twitter, LinkedIn, etc., and a variety of private database hacks and leaks, often an email address is more than enough to find all your personal details. Have you used that email elsewhere? Is it the same email you use for crypto exchanges or services in which you have completed KYC?

First of all, I consider a company that sells hardware wallets should have an above average cybersecurity protocols/development/call it the way you want to call it. It's true that we are human and they can, as any other company can, get hacked and have customer data leaked; but the way they've handled it... that what really bothers me. Once I receive some kind of answer from my advisor, I will either simply update this post, or if there's something that can actually be done, I may create a whole thread just to let affected people know.
I wish you luck, and I completely agree that Ledger should have better security in place, but I suspect you will get nowhere. There are plenty of far more egregious hacks, leaks, and vulnerabilities in the crypto space, including huge losses of money and losses of far more personal information, including KYC data and scanned documents, all of which have resulted in no action against the companies responsible. In terms of how Ledger handled it; what would you have had them do differently? As LeGaulois has said above, they took all reasonable steps following the breach.



This serves to highlight that your personal information is your responsibility. If you give it to anyone, even companies you trust or think you can trust, even security related companies, even huge reputable exchanges, you are putting it and yourself at risk.

Csmiami
Copper Member
Hero Member
*****
Online Online

Activity: 1022
Merit: 902


Yes, I consider myself to be hilarious


View Profile WWW
November 02, 2020, 03:39:17 PM
 #16

-----
Wooops, this post did slip trough the cracks, sorry for the late reply....

First of all, no; altough possible it's highly unlikely that the email used was enough to deanonymize me, as I use different addresses for personal and crypto stuff (addresses in plural) and never mix them up. I had never before used that email together with the phone number or the name I provided to Ledger, so I'm pretty confident that the leak came from them.

Now, I don't know how I would've handled that if I was Ledger, because I have little to no idea about personal data handling regulations. I know however, that if they claimed to only have 9500 affected users, and I was not between those users but now it turns out I am; there is something that they have not done correctly; and that's exactly what I'm after.
Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
November 05, 2020, 02:22:33 PM
 #17

Now, I don't know how I would've handled that if I was Ledger, because I have little to no idea about personal data handling regulations. I know however, that if they claimed to only have 9500 affected users, and I was not between those users but now it turns out I am; there is something that they have not done correctly; and that's exactly what I'm after.

I think Ledger manipulated the numbers a little (maybe a lot), and also that there may have been omissions when sending alerts via email. What is the case with me on Gmail (and confirmed by others) that many legitimate Ledger emails end up in a spam folder - did you perhaps check there? Of course now it's probably too late for that, because at least in the case of Gmail such emails are deleted automatically after 30 days.

As for the SMS, can you tell us from which network/country it was sent? Most smartphones have the function of blocking calls and messages from a certain number, maybe the attacker uses the same number so some could block it in advance.

Csmiami
Copper Member
Hero Member
*****
Online Online

Activity: 1022
Merit: 902


Yes, I consider myself to be hilarious


View Profile WWW
November 05, 2020, 03:17:11 PM
 #18

What is the case with me on Gmail (and confirmed by others) that many legitimate Ledger emails end up in a spam folder - did you perhaps check there? Of course now it's probably too late for that, because at least in the case of Gmail such emails are deleted automatically after 30 days.
Altough likely, it's quite improbable because I regularly, not to say daily, check all my inbox folders on every email.

Quote
As for the SMS, can you tell us from which network/country it was sent? Most smartphones have the function of blocking calls and messages from a certain number, maybe the attacker uses the same number so some could block it in advance.
I wish I could; I don't know if it's a feature from my phone or something the sender set up, but the only thing I see in the sender info is "LEDGER". No number, nothing else.
Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
November 06, 2020, 10:21:22 AM
 #19

What Lucius mentions is certainly possible. It would be interesting to see if there are more cases like Csmiami, where users never received that additional email from Ledger, but somehow ended up receiving spam/phishing SMS messages. And what are the email providers they used.

A few years ago at work, I stopped receiving work-related emails to one of my Hotmail accounts. Other colleagues who weren't using Hotmail, received them just fine. After discussing the issue with my team, I decided to switch from Hotmail to Yahoo, because most of them connected their Yahoo accounts. It never happened again.

When I was using Hotmail, the emails stopped coming altogether. They weren't sent to my spam folder. I didn't get them at all.      

Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
November 06, 2020, 11:40:33 AM
 #20

I wish I could; I don't know if it's a feature from my phone or something the sender set up, but the only thing I see in the sender info is "LEDGER". No number, nothing else.

I have to admit that it was quite naive of me to think that those behind this attempt at phishing would not protect themselves, and this is definitely possible if you use one of the many services that offer anonymous texting. Many years ago I used such services to prank my friends, and now they are used for some much more serious things. The option I have on my smartphone allows me to block all messages or calls coming from an unknown sender, but although it has its advantages, it can also block a completely legitimate call or message.

The only thing left for us is to be careful and not click on the links that come to us in SMS and e-mail messages - and more importantly know that we never enter the seed anywhere else except in the hardware wallet itself.

HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3919

<insert witty quote here>


View Profile
November 07, 2020, 01:03:46 PM
 #21

Never received a "personal" notification from Ledger after the original hack... have not received any phishing emails or SMS messages recently (not even to my spam folder).

What I did receive was an email from Ledger with the subject heading "Ledger Security Alert: be cautious with phishing attempts", which (somewhat ironically) went to my spam folder Roll Eyes So, kudos to them for at least trying, I guess Roll Eyes


As a side note, to whomever it was considering legal action, unless you can prove "willful negligence", you're probably unlikely to succeed.

bL4nkcode
Copper Member
Legendary
*
Offline Offline

Activity: 2058
Merit: 1235


Cryptocurrency is the best Policy


View Profile
November 08, 2020, 06:07:13 PM
 #22

Never received a "personal" notification from Ledger after the original hack... have not received any phishing emails or SMS messages recently (not even to my spam folder).

What I did receive was an email from Ledger with the subject heading "Ledger Security Alert: be cautious with phishing attempts", which (somewhat ironically) went to my spam folder Roll Eyes So, kudos to them for at least trying, I guess Roll Eyes
Fortunately, had this the same, I tried to check my 2 emails used to purchased there since I purchased there more than 3 times but never received this phishing email, but I received an email on july regarding the e-commerce & marketing breach and this "Ledger Security Alert" just this oct. though in spam both.

███████████████████████████
███████████████████████████
████████▀         ▀████████
███████             ███████
███████             ███████
██████▀             ▀██████
█████▄         ▄██▄  ▄█████
██████████▀▀███████████████
████▀▄██▀    ▀ ▀██▀██▄▀████
████  ▀             ▀  ████
█████▄▄    ▄███▄    ▄▄█████
███████████████████████████
███████████████████████████
.CHIPS.!
▄▄▀▀▀█████████▄▄
██▄███████████████
█▄████████████████
██████████████████
▄█▀▀▀██████████████▄
█▄▄██████████████████
▀████▀██████▀ ▄▀█▀
██ ▀▀███▀ ▄▀▄██
███
████████▀▄█████
▄███████████████▄
▀████████████████▀
▀██████ ████▀▀

▄▄██████ ███ ██████▄▄
RAKEBACK       
AVAILABLE
!
The Ultimate Crypto Casino
10 CRYPTOCURRENCIES
   ▄█████████████▄     ▄▄▄
  █████████████████   █████
  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀███▀
▄███████████████████▄   ▄
███▀             ▀███   █
███ ▐██▌ ███ ▐██▌ ███   █
███ ▐██▌ ███ ▐██▌ ███ ▀▀▀
███▄             ▄███
▀███████████████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
  ███████████▀▀▀███
  ███████████▄▄▄███
  ▀███████████████▀


▄███████████▄
██  █████████
██  █████████
█████▀ ▀█████ █████▄
████ ▄█▄ ████ ██████
████ ▀█▀ ████ ██████
█████▄ ▄█████ ██████
█████████  ██ ██████
█████████  ██ ██████
▀███████████▀ ██████
       ▄▄▄▄▄▄███████
       █████████████
       ▀███████████▀




dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
November 09, 2020, 01:03:25 PM
Merited by o_e_l_e_o (2)
 #23

I am now hearing reports from people that say that Affiliate DB is also leaked!
One man reported that he used separate unique email for Ledger affiliate program, and he received phishing emails.
Marketing DB - leaked
e-commerce DB - leaked
Affiliate DB - leaked.
https://www.reddit.com/r/ledgerwallet/comments/jqiftv/this_is_unbelievable_a_new_ledger_leak_that_was/

HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3919

<insert witty quote here>


View Profile
November 09, 2020, 11:40:21 PM
 #24

As far as I can see, the company has not confirmed nor denied this... and I don't see any other users claiming that their affiliate info was leaked. Having said that, on the balance of probabilities, I'd say it was probably likely that it did happen, especially if all their systems were integrated Undecided

Given that they have admitted the other data was leaked, I see no reason for Ledger to deny that the affiliate data was leaked if it did indeed happen. I would assume they are busy investigating this claim. Hopefully they can make a statement at some point in the (very) near future to clarify the status of this data, so users can be advised and take any necessary precautions.

I feel for the folks currently getting spammed with scam text message "alerts"... must be alarming receiving a text with your full name claiming you've sent a transaction that you didn't, with a link to a website registered in your local region! Shocked Shocked

This entire episode has been a complete PR disaster for Ledger... their (normally) overworked and "slow" support is now pretty much completely swamped with requests to delete personal data (which don't seem to be being actioned)... and this is all down to what Ledger are claiming was a "misconfigured, Third Party API key". Going to take them years (if at all) to regain the trust of a lot of users.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1442
Merit: 7453


Wear a mask, slow the spread


View Profile
November 10, 2020, 10:04:48 AM
 #25

More reports across Reddit of users who either were supposedly not part of the 9,500 affected individuals from the previous data leak, or users who used unique email addresses for affiliation and marketing reasons, all getting targeted phishing emails. A little bit of digging also found this comment from a Ledger staff member:

Hello,

As soon as we discovered the data breach in July 2020, we patched it.

Since then, we lead two penetration tests with a third party consultancy to verify and improve the security of your data.

We did not encounter a new data breach since July.

As said in another post, two weeks ago, we've been made aware that some of our customers are being targeted by phishing attempts. Some of these customers were not part of the 9,500 individuals for whom we know that data other than email were also exposed, such as first and last name, postal address, phone number or ordered products. In the current state of our knowledge, It is not technically possible to state the exact scope of the leak of this detailed data.

Hope It helps.

So, in the absence of any evidence of a further data breach, it looks like the July data breach was much larger than they initially thought. It is more than a little concerning that they "cannot state the exact scope of the leak of this detailed data". They have no idea what has been breached.

Between the unpatchable Trezor vulnerability, and this extensive Ledger leak, I'm close to giving up on hardware wallets altogether. Most of my funds are on airgapped, encrypted, cold storage, but that just isn't an option for your average Joe, at least not until they've been involved in crypto for a while and understand the process and risks. What can we recommend for newbies that is more secure than a software wallet but still straightforward and easy to use?

And I'll repeat my advice regarding this kind of thing that I've said before: If you have given personal details, email addresses, name, telephone number, physical address, etc. to any crypto company, do yourself a favor and look at their Terms and Conditions and Privacy Policy and figure out how to request that they delete it.

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
November 10, 2020, 10:33:07 AM
 #26

I feel for the folks currently getting spammed with scam text message "alerts"... must be alarming receiving a text with your full name claiming you've sent a transaction that you didn't, with a link to a website registered in your local region! Shocked Shocked
If the hackers have full names of Ledger users, I wonder why they didn't use full names when sending out those phishing emails. They used only the first name. When services like your bank or PayPal contacts you, they always address you with the full name.

What can we recommend for newbies that is more secure than a software wallet but still straightforward and easy to use?
I wouldn't give up on hardware wallets just yet. Sure, it sucks having your data leaked. I would recommend purchasing hardware wallets with crypto. At least that would prevent having your bank/card details leaked. Shipping it to your place of work instead of to your own home is also not bad. Buying a burner phone or secondary SIM card whose number you would use to pick up the package is also an option.   

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1442
Merit: 7453


Wear a mask, slow the spread


View Profile
November 10, 2020, 11:14:45 AM
 #27

I would recommend purchasing hardware wallets with crypto. At least that would prevent having your bank/card details leaked. Shipping it to your place of work instead of to your own home is also not bad. Buying a burner phone or secondary SIM card whose number you would use to pick up the package is also an option.
I have multiple hardware wallets (and some other bitcoin related products) from multiple companies. I purchased all of them using well-mixed bitcoin, with a disposable email address, a fake name, and shipped them to a drop off point where I picked them up from. I have zero concern about my details being leaked - indeed, I haven't even checked to see if the fake name and email I used with Ledger showed up in their breach (I think I could probably still find the log in to the email backed up on an external hard drive somewhere, but I certainly don't remember it having not used it for several years).

However, none of that is newbie friendly.

"Use disposable email addresses, create a fake identity, find a neutral shipping location you can pick up from, and make sure the bitcoin you buy with is anonymized" is not newbie friendly.
"Find an old computer, physically remove the WiFi card, keep it airgapped forever, format it, install Linux, encrypt the whole disk, install a wallet on it, and then export the xpub to create a watch only wallet" is not newbie friendly.

"Buy a hardware wallet and plug it in" is newbie friendly. "Download this piece of software" is newbie friendly. However, neither of those seem particularly secure any more.

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
November 10, 2020, 12:42:12 PM
Last edit: November 10, 2020, 01:18:24 PM by dkbit98
 #28

I have multiple hardware wallets (and some other bitcoin related products) from multiple companies. I purchased all of them using well-mixed bitcoin, with a disposable email address, a fake name, and shipped them to a drop off point where I picked them up from. I have zero concern about my details being leaked - indeed, I haven't even checked to see if the fake name and email I used with Ledger showed up in their breach (I think I could probably still find the log in to the email backed up on an external hard drive somewhere, but I certainly don't remember it having not used it for several years).

However, none of that is newbie friendly.

I have done something similar like you, so it's almost impossible that someone connects me, or my address and phone number with my hardware wallet, but I am a privacy freak.

Majority of people who purchased Ledger are newbies, and they just visited website, registered and left real name, real phone number and real address.
Now we see reddit and internet blowing up with customer complains and Ledger reputation is ruined forever.
Maybe they will give wallets for free soon to attract new users Cheesy

I will have to write a Guide - How to buy a Hardware Wallet the right way

Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 740
Merit: 580



View Profile
November 10, 2020, 06:56:02 PM
 #29

I also received emails from "Ledger".  I didn't even buy anything and simply asked a few questions using one of my Tutamail accounts via TOR.   Those don't come back to me but sure enough those phishing emails were sent to me there.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3919

<insert witty quote here>


View Profile
November 10, 2020, 11:25:17 PM
 #30

I also received emails from "Ledger".  I didn't even buy anything and simply asked a few questions using one of my Tutamail accounts via TOR.   Those don't come back to me but sure enough those phishing emails were sent to me there.
That's expected... given that the "marketing" DB was leaked as well as the "customer" DB. If they had your email at any stage, you were likely on the "mailing list" Undecided


So, in the absence of any evidence of a further data breach, it looks like the July data breach was much larger than they initially thought. It is more than a little concerning that they "cannot state the exact scope of the leak of this detailed data". They have no idea what has been breached.
This is probably the most disconcerting thing. They don't really appear to have any idea of what exactly was leaked. Undecided


At least they finally seem to be starting to "get it":
...
We know we fucked up, we try to get it right for you.

Although, I doubt there is realistically much they can do to "get it right" for the affected users. The proverbial horse has bolted, so the data is out there... It's not like Ledger can "undo" this. Undecided

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1442
Merit: 7453


Wear a mask, slow the spread


View Profile
November 11, 2020, 08:43:27 AM
 #31

At least they finally seem to be starting to "get it"
The comment two below that highlights my concerns from above though:

Some didn't receive that specific email because the logs we have in our possession show that 1M emails leaked plus 9500 more detailed personal info.

So they have no idea the full scope of the data breach. They can only prove that 9,500 customers had their full details leaked, but the flurry of reports of people being targeted by phishing messages who did not receive the email sent to those original 9,500 customers suggests that this number is actually far higher, but nobody knows how high. Their entire database could have been leaked for all we (or they) know.

This must be a real let down for the engineers and programmers working on the actual devices (which I still like), that some idiot who can't encrypt a database properly has ruined the entire company's reputation.

Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
November 11, 2020, 02:08:16 PM
 #32

Although, I doubt there is realistically much they can do to "get it right" for the affected users. The proverbial horse has bolted, so the data is out there... It's not like Ledger can "undo" this. Undecided

Ledger can only try to reduce the damage by trying to make the job of hackers as difficult as possible. In this regard, I received this e-mail today (and I assume that others will receive it as well). Now we can only wonder if it is just one hacker who has this database, or the database has already been sold and used by multiple individuals. One hacker, just one copy of the database, and one wrong step by that same hacker would be the ideal combination to get Ledger out (somewhat) of this situation.

Quote

Dear client,

Ledger users are under attack and targeted by a phishing scam (here is a link to understand the anatomy of a phishing attack).

Kraken Security Lab has done a great job at describing what’s going on and we appreciate their help in this matter :

https://blog.kraken.com/post/6746/ledger-phishing-scam-targets-crypto-hardware-wallet-users/

Today, we want to let you know that Ledger is fighting hard to defeat the scammers.

But we also want to let you know that we’ll be stronger together.

Help us #StopTheScammers

The two main ideas you should leave with after reading this post are :

    Never share your 24 words with anyone.
    Help us take the scammers websites down.

The best way to stop the scammers is to take their websites down as quickly as possible. Here's how you can help:

    Spread the word: talk to your friends and your communities and let them know that they must never share their 24 words with anyone under any circumstances, Ledger will never ask for their 24 words. No one should ever ask you for your 24 words… It’s something that you must absolutely keep for you.
    If you have received a phishing attempt or if you are aware of an illegal website, like the ones above, please report it to Google Safebrowsing. The more we report these illegal websites to Google, the more difficult it will be for scammers to deceive our Ledger users.
    If you have received a phishing attempt, you can file a complaint with your local criminal authority.

Phishing scams are one of the critical problems in cybercrime. The Ledger community will be better protected if we all work together.

When you find a scam, report it to the community: #StopTheScammers

We understand the stress and uncertainty these phishing attacks may be causing you. We want to assure you that our team is doing everything in our power to stop these attacks.

What is our team doing ?

    Members of our Donjon security team are continuously tracing the scammers' new website URLs, so that we can  share the necessary technical information for the relevant authorities
    Managing and updating an on-going criminal complaint through the French Public Prosecutor to enable the police force to identify and prosecute those responsible.
    Subpoena requests have been sent in the US and in France to obtain from the internet intermediaries and communications operators full disclosure of the identity of the responsible.
    Reaching out to international cyberdefense organizations to bring the case to their knowledge. This is a way to increase the magnitude of this complaint by using these international cyberdefense organizations enormous and transnational capabilities.
    Our brand protection internal and external teams are reporting illegal  websites to abuse contact of the registrars. Within the last few weeks, 87 websites have been reported and 42 shutdowns. Some registrar fail to be reactive which explains why websites are still active despite Ledger notifying them several times following the abuse procedure.
    Communicating with our customers and community, answering thousands of questions and updating users with new information as it is available through our support center, Twitter, Facebook, email, Reddit, etc.


We will be stronger together.

#StopTheScammers

Pascal Gauthier

CEO at Ledger

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1442
Merit: 7453


Wear a mask, slow the spread


View Profile
November 11, 2020, 02:18:47 PM
 #33

Now we can only wonder if it is just one hacker who has this database, or the database has already been sold and used by multiple individuals.
Has there been any evidence of the database being sold? I remember there was a supposed hack back in May, where details of both Ledger and Trezor customers was purportedly up for sale, but it turned out to be a fake. Conversely, I don't remember ever seeing anything suggesting this database has been put up for sale anywhere.

Having said all that, I also haven't seen a single report on here or on Reddit or a user falling victim to these phishing messages yet. Perhaps Ledger's preemptive emails have worked.

LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 1946
Merit: 2428

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
November 11, 2020, 05:54:17 PM
 #34

@o_e_l_e_o

The person would be a bit dumb to resell it several times, at least right now. Competition is never good.
This is what they usually do once they have abused the database enough. Probably the person will start next to send emails about stupid airdrops and co.
Anyway, you will notice when more persons have the database when you get spam daily (or more spam than usual).

About people victims of this campaign. I saw a person who lost money with the trap, unfortunately. And the hacker collected over 100 BTC already

@Lucius

Thanks for posting. It will avoid people here saying Ledger's doing nothing  Roll Eyes

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
November 12, 2020, 10:44:27 AM
 #35

Now we can only wonder if it is just one hacker who has this database, or the database has already been sold and used by multiple individuals.
Has there been any evidence of the database being sold?
The only way to know is by checking underground onion sites and hacking forums where things like this are usually distributed and sold. Whoever has the data will not let the general public know. If I was interested in deep internet marketplaces, that's where I would check.   

Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
November 12, 2020, 10:59:40 AM
 #36

Has there been any evidence of the database being sold?

So far there is no such evidence, and from what I have read Ledger is using the services of Orange Cyberdefense which tries to find any evidence that the database has been sold or is being sold on the black market.

Meanwhile, Ledger said France’s Data Protection Authority, the CNIL, was notified about the breach on July 16. The firm is also working with the Orange Cyberdefense (OCD) to find any evidence of the stolen data being sold online.

Having said all that, I also haven't seen a single report on here or on Reddit or a user falling victim to these phishing messages yet. Perhaps Ledger's preemptive emails have worked.

There are always those who will believe in anything, we all know that phishing has been an effective way before, and I have no doubt it is not even more effective when targeting users on a personal level. Of course, there are differences in that everything is not left to the users, and that Ledger is maximally involved in the whole thing. I think this is too big thing to stay at lower levels of investigation, and that sooner or later the person or persons behind this will be discovered.



@Lucius
Thanks for posting. It will avoid people here saying Ledger's doing nothing  Roll Eyes

You're welcome, but I doubt it will help that someone doesn't accuse us of being part of the Ledger gang Wink

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
November 13, 2020, 08:39:21 AM
Last edit: November 13, 2020, 08:59:09 AM by dkbit98
 #37

Ledger is worst crypto company I ever saw in my life and only novel writers here in their bubble supports them after all we seen.
This is how Ledger 'fixes' things in translation means - doing nothing:



What you see here is one more stupid Ledger wallet app bug that shows unreal spikes your portfolio at beginning of each month.
Everyone including Ledger developers are aware of this bug for several months and maybe even a year, but they keep ignoring it and delaying fix.
This is how they (not) fix everything in Ledger...  Roll Eyes

I am not using Ledger app all the time, but when I need to update I always look at this spikes  Cheesy

Let's see how 'effective' Ledger is:

Quote
Ledger database compromised ?
Before you down-vote me into oblivion please read carefully.

After reading all this security chaos I decided to email ledger about deleting my personal information.(yesterday)
I did not make any purchases or had any type of contact with ledger for over 2 years now and the email I used for previous purchases I used ONLY for ledger.com
I should mention that I was not affected from the previous ledger data leaks.

In anticipation of having a reply from ledger about my personal information, Today i logged in to this email and received so far 2 scam messages.

Which leads me to believe their entire database right now is compromised. I never got a reply from ledger and from what I read around here I should not expect any.

Take care.
https://www.reddit.com/r/ledgerwallet/comments/jt04h8/ledger_database_compromised/
archive: https://archive.vn/N8ERi


Quote
Is moving home the only way to feel sort of safe again after Ledger leaked my home address to criminals?
I’m serious, I am worried for my families well being. I look online at home security devices and best legal weapons to keep at home. This hack has screwed with me mentally and I want to be compensated. Is there a lawyer already on the case?
https://www.reddit.com/r/ledgerwallet/comments/jt4jew/is_moving_home_the_only_way_to_feel_sort_of_safe/
archive: https://archive.vn/3Mz1H

Quote
Never got notified of Ledger security breach
I bought a ledger in May. I then got a phishing text Sunday which I knew was a scam, and then an email today from Ledger warning about phishing attacks.

Researching this today I see that this breach occurred months ago and I read their statement about how they were notifying everyone and doing many steps to make their systems more secure.

I was clearly in the batch of the lucky 9,000 (not sure I even trust that number now) who had not just their email but all their contact details leak and yet got notification.

Right now my confidence in ledger is at a zero, considering they couldn’t even handle notifications correctly after a security breach.
https://www.reddit.com/r/ledgerwallet/comments/jsalq8/never_got_notified_of_ledger_security_breach/
archive: https://archive.vn/fZM5F

Quote
Compensation in EU

In EU, the GDPR gives a right to claim compensation from an organisation if you have suffered damage as a result of it breaking data protection law, which includes breaches. This does require the person to have suffered “material damage” (e.g. you have lost money) or “non-material damage” (e.g. you have suffered distress).

I've been getting phishing messages from fake 'Ledger' numbers, using my real name and phone number, so I am assuming that they know my personal address as well and this is a pretty big deal, since now I have to worry that someone can physically rob me, knowing I have a Ledger, which is obviously causing 'non-material damage', e.g. distress.

According to ICO (https://ico.org.uk/your-data-matters/data-protection-and-journalism/taking-your-case-to-court-and-claiming-compensation/), before taking the case into court, you can agree for compensation with the company, and I was wondering if anyone has spoken to Ledger about this yet?

I am genuinely considering going to court with this though, to be honest.
https://www.reddit.com/r/ledgerwallet/comments/js6o9n/compensation_in_eu/
archive: https://archive.vn/PK0xB

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
November 13, 2020, 11:08:42 AM
 #38

@dkbit98
They have caused a huge shitstorm, and one that they will have a very hard time to recover from. If the first user you quoted is telling the truth, it means that their database is being leaked even now as we speak. How else can you explain that the user has not received any phishing messages in the past, and was originally not affected by the leak, until he emailed them? Only then he started receiving phishing messages.

It can be either a huge coincidence and that his details were leaked together with the other users in the July hack, and the hackers only now found the time to contact him, or his info was leaked after he sent that email a few days ago.

jerry0
Full Member
***
Offline Offline

Activity: 1274
Merit: 143


View Profile
November 27, 2020, 06:09:31 AM
 #39

How many people here got that phishing email?  I checked my email and don't see it.  So it affect one percent of the nano ledger users database?


Also in an article it was said that this phishing lead to many users losing their crypto... especially ripple.  Can someone explain this?  So the phishing email tricked users into downloading a fake ledger live or was it some other program?  Then how did users lose their ripple then which i heard was the main coin that was lost here?  Am i assuming those users typed their ledger seed into the software?


Because since nano ledger is a hardware wallet, even if your computer is compromised as in virus/malware/keylogging, doesn't the seed as long as its not typed in the computer somewhere still safe?
bob123
Legendary
*
Offline Offline

Activity: 1610
Merit: 2424



View Profile WWW
November 27, 2020, 12:07:03 PM
 #40

How many people here got that phishing email?  I checked my email and don't see it.  So it affect one percent of the nano ledger users database?

We don't have exact numbers.
But it seems like a not too small percentage is affected.

I, personally, didn't receive any mail either.



Also in an article it was said that this phishing lead to many users losing their crypto... especially ripple.  Can someone explain this?  So the phishing email tricked users into downloading a fake ledger live or was it some other program?  Then how did users lose their ripple then which i heard was the main coin that was lost here?  Am i assuming those users typed their ledger seed into the software?

Possible.
Basically, they either downloaded malware which asked them to enter the mnemonic code or created a transaction which the user blindly accepted (for whatever reason) or they entered the mnemonic code somewhere online.



Because since nano ledger is a hardware wallet, even if your computer is compromised as in virus/malware/keylogging, doesn't the seed as long as its not typed in the computer somewhere still safe?

Yes, that's correct.
If you follow the basic guidelines (e.g. not typing your mnemonic into malware), you are fine.

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
November 27, 2020, 12:11:02 PM
 #41

@jerry0
The mails might have gotten into your spam folder. Unless you check it regularly, they get deleted after a week or two, depending on the client.
It is just a coincidence that users lost XRP. That coin is surely not targeted for some reason.
Yes, users received a link telling them to download a new version of the software. Once installed, it asked users to enter their 24-word seeds. Those who did, sent their seed to the hackers.

Your seed and private keys are kept on your hardware wallet, even if your computer is compromised. Nobody can access assets on a crypto wallet remotely because they need to to confirm transactions by pressing the buttons on the hardware device. This can only be done by the person in possession of the wallet, not via the Internet.  

bob123
Legendary
*
Offline Offline

Activity: 1610
Merit: 2424



View Profile WWW
November 27, 2020, 12:26:37 PM
Merited by o_e_l_e_o (2)
 #42

It is just a coincidence that users lost XRP. That coin is surely not targeted for some reason.
Yes, users received a link telling them to download a new version of the software. Once installed, it asked users to enter their 24-word seeds. Those who did, sent their seed to the hackers.


The attack:
  • A phishing mail targeting badly informed user to retrieve a hardware wallet mnemonic code.
The targeted Coin:
  • A coin which is a fully centralized shitcoin no sane and informed person would buy.


There might be some correlation  Grin

LTU_btc
Legendary
*
Offline Offline

Activity: 2114
Merit: 1047



View Profile WWW
November 28, 2020, 07:24:29 PM
 #43

Few days ago I also got almost same email. Only diference from message in OP is sender address is legdersupport.com and number of customers is changed from 85 000 to 81 000. I almost immediately realised that something is wrong with this message because it was in my spam folder, while usually messages from Ledger is shown in my main folder.
Anyway, it's very typical phishing attack, not the primitive one, but not the most sophisiticated. Only difference  that they used database from Ledger to send these emails, while usually such data is collected from other sources, like phishing websites, sold email databases and etc.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
▄▄▀▀▀▀▀▀▀▀▀▄▄
▄█▀▄▄▀▀█▀▀▀█▀▀▄▄▀█▄
▄█▀▄▀▀█ ▄█▄▄▄█▄ █▀▀▄▀█▄
▄▀▄██▄▄▀▀▄▄ ▀▄▄▀▀▄▄██▄▀▄
▄█ ████ ███▌▐███ ████ █▄
█ ████ ████ ███ ████ ████ █
█ ████ ███ ▄▄▄▄▄ ███ ████ █
█ ████ █▀▄█▀▀▀▀▀█▄▀█ ████ █
▀█ ████ ██ ▄▀▀▀▄ ██ ████ █▀
▀▄▀██▀█▄▄ ▀▀▀▀▀ ▄▄█▀██▀▄▀
▀█▄▀█▄▄▀▀█████▀▀▄▄█▀▄█▀
▀█▄▀▀██▄▄▄▄▄██▀▀▄█▀
▀▀▄▄▄▄▄▄▄▄▄▀▀
OFFICIAL
BETTING
PARTNER
.INSTANT & FAST..
.TRANSACTION.....
.PROVABLY FAIR..
......& SECURE......
.24/7 CUSTOMER.
.............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
November 29, 2020, 11:43:46 AM
 #44

Few days ago I also got almost same email.

I haven't received anything yet (email or SMS) yet, but even if that happens we all know that the danger exists only for those unfamiliar with the basics. I don't think most users will even see such e-mails because, as in your case, they usually end up in a spam folder - and when it comes to text messages, most smartphones have the option to block calls or messages from unknown numbers - which is not only useful in this case, but generally if you receive a lot of SMS spam.



Recently there was news that as many as 23 600 databases were publicly available for several hours to download, so although it is not directly related to Ledger hack - check your accounts and change passwords if necessary.

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
November 29, 2020, 07:45:06 PM
 #45

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

This is how it looks:
 

bob123
Legendary
*
Offline Offline

Activity: 1610
Merit: 2424



View Profile WWW
November 30, 2020, 11:00:57 AM
 #46

~snip~

Wow.. people have to be extremely uninformed to fall for something like that.. @ledger.com-e8-encryption-s24.email-n2-alert.app.. really?  Grin

People who still think there are "ledger accounts" with a hardware wallet.. are lost.
They will get compromised. Maybe not with this phishing mail, maybe not with the next.. but with some other in the future..

btcwish1
Full Member
***
Offline Offline

Activity: 393
Merit: 108


View Profile
November 30, 2020, 01:28:08 PM
 #47

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

This is how it looks:
 

Yes I got this email as well.

I am worried that some newbies of hardware wallet may fall for this type of email. I have seen lot of phishing emails before from different companies but these ledger phishing emails really do like original!
Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
November 30, 2020, 01:36:42 PM
 #48

Is there even something that resembles device authorization in the account settings on Ledger Live? I don't have access to the PC I have Ledger Live installed on at the moment so I can't check. I know Ledger is compatible with the Fido U2F app. Maybe they are asking users to disable login access to other devices. I haven't used the U2F app so not sure how it works.

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
November 30, 2020, 01:49:42 PM
Last edit: November 30, 2020, 02:10:43 PM by dkbit98
 #49



I am reading one 'nice' thank you letter from one of the ledger customers on reddit:

Quote
Thank you Ledger
Since the loss of personal data by Ledger this summer, I have received numerous emails trying to gain access to my ledger.

Couple of days ago, I first got a text claiming a breach of the ledger and an additional link. Which makes it very clear where this data came from... I've seen a post with the same text on this page before.

I would like to take this opportunity to thank the Ledger team for taking good care of the personal data that they receive, especially since they operate in such a sensitive market (finance) and the fact that they informed numerous malicious actors that I have a ledger and probably some crypto, and my email, phone number and possibly home address.

Hey at least I got some sort of apology I guess.

Thank you Ledger.
https://www.reddit.com/r/ledgerwallet/comments/k3vp08/thank_you_ledger/

Quote
Hackers are now sending google maps link of your home address! 👀 to scare more people


New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

I expect to see more attempts like this from hackers to pair growing discounts from ledger.
They need new customer data as soon as possible.

btcwish1
Full Member
***
Offline Offline

Activity: 393
Merit: 108


View Profile
December 04, 2020, 01:49:03 PM
Last edit: December 05, 2020, 06:55:02 PM by btcwish1
 #50

Yet another phishing email today. it is just not stopping:


ETFbitcoin
Legendary
*
Offline Offline

Activity: 2016
Merit: 3209


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
December 05, 2020, 12:19:55 PM
 #51

Is there even something that resembles device authorization in the account settings on Ledger Live? I don't have access to the PC I have Ledger Live installed on at the moment so I can't check. I know Ledger is compatible with the Fido U2F app. Maybe they are asking users to disable login access to other devices. I haven't used the U2F app so not sure how it works.

No, but it sounds convincing for people who don't know/remember how ledger hardware wallet/ledger live works.

Yet another phishing email today. it is just not stopping:

--snip--

Your screenshot expose your own email address, remove them if you don't want more spam.

suchmoon
Legendary
*
Offline Offline

Activity: 2828
Merit: 6727


https://bpip.org


View Profile WWW
December 06, 2020, 12:01:09 AM
 #52

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

Csmiami
Copper Member
Hero Member
*****
Online Online

Activity: 1022
Merit: 902


Yes, I consider myself to be hilarious


View Profile WWW
December 06, 2020, 12:03:17 PM
Last edit: December 06, 2020, 07:16:56 PM by Csmiami
 #53

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

Haven't you heard? New Ledger devices will come with a camera for face ID and a fingerprint scanner for fingerprint ID too!




Shouldn't have joked about that; now I have received that same SMS....

Funny thing is it's been sent by KYC, not by LEDGER (like the previous one)
suchmoon
Legendary
*
Offline Offline

Activity: 2828
Merit: 6727


https://bpip.org


View Profile WWW
December 06, 2020, 01:37:50 PM
 #54

Haven't you heard? New Ledger devices will come with a camera for face ID and a fingerprint scanner for fingerprint ID too!

I thought the device itself is a disguised anal probe so I got very excited... alas, they just wanted me to tap a very legit-looking link like ledger.com-send-us-all-your-personal-data-and-perhaps-your-seed-too-123456.app

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 06, 2020, 02:28:32 PM
 #55

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

They asked politely.
Your best solution for this 'KYC' is to change your phone number, and maybe change your name and address if there is some special witness protection program Smiley

Check out this recent comment on reddit, that makes me think how (not) secure their system still is, and maybe all this hack stuff was some inside job:

Quote
Hello, first time poster but I think this might be relevant.

I first bought a ledger nano s about two years ago and was probably not among the people that had their data leaked this summer as I never received spam/phishing messages (neither by email or sms).

Last week, during black friday I decided to pick up another ledger as backup. I took some precautions such as using an alternative email and old phone number that I barely use.

The info is completely different from the first time a bought a ledger (even the address and payment method was different).

Today, I checked for the shipping tracking on the email used specifically for the purchase. In the spam folder, I notice there was that scammy ledger message ("download the update here"). Obviously, I immediately deleted the message.

If scammers had access to my email, it means that ledger must still be leaking data as they didn't have this specific info 7 days ago.

Can Ledger please confirm this? It would be nice to know if our private data continues to be handled poorly.

Quote
You are not the first to claim real time data leaks. This is insane! They are too busy moderating this subreddit of legitimate privacy concerns than to handle shit on their end to make sure these leaks aren't occurring. Wtf do they even use for their e-commerce?? They need to be made aware of this asap as they are equally responsible.
https://www.reddit.com/r/ledgerwallet/comments/k7t6wy/is_ledger_still_leaking_data/

I will do my own testing to confirm this with new temp email.

LTU_btc
Legendary
*
Offline Offline

Activity: 2114
Merit: 1047



View Profile WWW
December 06, 2020, 11:15:21 PM
 #56

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.
This is how it looks:
https://i.imgur.com/LwRt23i.png
I also got similar message recently with few differencies, now they used French IP address. Yeah, it redirect to Google Docs, where link to website which claims to be Ledger.com is uploaded. But actually, it's half-broken phishing website with most of links not working.
BTW, I'm not sure that this email is related with database from Ledger. It might be just another common phishing email that we get almost daily from all kind of websites.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
▄▄▀▀▀▀▀▀▀▀▀▄▄
▄█▀▄▄▀▀█▀▀▀█▀▀▄▄▀█▄
▄█▀▄▀▀█ ▄█▄▄▄█▄ █▀▀▄▀█▄
▄▀▄██▄▄▀▀▄▄ ▀▄▄▀▀▄▄██▄▀▄
▄█ ████ ███▌▐███ ████ █▄
█ ████ ████ ███ ████ ████ █
█ ████ ███ ▄▄▄▄▄ ███ ████ █
█ ████ █▀▄█▀▀▀▀▀█▄▀█ ████ █
▀█ ████ ██ ▄▀▀▀▄ ██ ████ █▀
▀▄▀██▀█▄▄ ▀▀▀▀▀ ▄▄█▀██▀▄▀
▀█▄▀█▄▄▀▀█████▀▀▄▄█▀▄█▀
▀█▄▀▀██▄▄▄▄▄██▀▀▄█▀
▀▀▄▄▄▄▄▄▄▄▄▀▀
OFFICIAL
BETTING
PARTNER
.INSTANT & FAST..
.TRANSACTION.....
.PROVABLY FAIR..
......& SECURE......
.24/7 CUSTOMER.
.............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
December 07, 2020, 10:09:12 AM
 #57

I will do my own testing to confirm this with new temp email.
I was curious about the same thing so I already did this two days ago.

I created a new email address and I signed up to their affiliate program on the main website. I also signed up to their newsletter. I placed a Ledger device in the shopping cart and entered my email address. I didn't finalize the purchase but the email address was added and TOS accepted, etc. Now I am waiting to see if any phishing mails will arrive.

I just checked the email address and there was only 1 new email sent from their Newsletter department telling me about the Ledger Academy, Ledger Blog, etc. No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 07, 2020, 12:21:15 PM
 #58

I created a new email address and I signed up to their affiliate program on the main website. I also signed up to their newsletter. I placed a Ledger device in the shopping cart and entered my email address. I didn't finalize the purchase but the email address was added and TOS accepted, etc. Now I am waiting to see if any phishing mails will arrive.

I did the same thing because I don't fully trust what other people say or write and I like to confirm for myself.

Now I am just waiting to see if hackers will send me something to play with or not.

bob123
Legendary
*
Offline Offline

Activity: 1610
Merit: 2424



View Profile WWW
December 08, 2020, 09:30:50 AM
 #59

No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

That's to be expected.

To be honestly.. if there would be an ongoing leak a.k.a. the attacker still have control over their systems, ledger would have proven to be the worst company in terms of customers data protection.

I really can't imagine that their server are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..

Stalker22
Sr. Member
****
Offline Offline

Activity: 560
Merit: 395



View Profile
December 08, 2020, 08:13:44 PM
 #60

No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

That's to be expected.

To be honestly.. if there would be an ongoing leak a.k.a. the attacker still have control over their systems, ledger would have proven to be the worst company in terms of customers data protection.

I really can't imagine that their server are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..


I guess there's always the possibility of something being overlooked (the baddies are always so ingenious), for example: man-in-the-middle attack or even some sort of 'inside job'. As in the recent twitter case.
They may not even know they are leaking data. Purely speculation on my part, of course...


        ▄▀▀▀▀▀▀   ▄▄
    ▄  ▄▄▀▀▀▀▀▀▀▀▀▄▄▀▀▄
  ▄▀▄▀▀             ▀▀▄▀
 ▄▀▄▀         ▄       ▀▄
  ▄▀         ███       ▀▄▀▄
▄ █   ▀████▄▄███▄       █ █
█ █     ▀▀▀███████▄▄▄▄  █ █
█ █       ██████████▀   █ ▀
▀▄▀▄       ▀▀█████▀    ▄▀
   ▀▄        ▐██▄     ▄▀▄▀
  ▀▄▀▄▄       ███▄  ▄▄▀▄▀
    ▀▄▄▀▀▄▄▄▄▄████▀▀ ▄▀
       ▀   ▄▄▄▄▄▄▄
.
█ █▀█ █▀█ █▀█  ▄  ▄▀▀ █   ▄▀█ ▀█▀ ▄▀▀ ▄███▄
█ █▀█ █ █ █ █ ▀█▀ ▀▀█ █   █ █  █  ▀▀█ ▀███▀
█ █▄█ █▄█ █▄█     ▄▄▀ ▀▄▄ █▄▀  █  ▄▄▀   
                                        █
████████████████████████████████████ 
███▀▀▀▀▀▀██████▀▀▀▀▀▀██████▀▀▀▀▀▀███ 
█▀▄██▀███▄▀██▀▄██▀███▄▀██▀▄██▀███▄▀████▄
█ █ ▀ ▀███ ██ █ ▀ ▀███ ██ █ ▀ ▀███ █████
█ ██    ▄█ ██ ██    ▄█ ██ ██    ▄█ █████
█▄▀██  ▀█▀▄██▄▀██  ▀█▀▄██▄▀██  ▀█▀▄████▀
███▄▄▄▄▄▄██████▄▄▄▄▄▄██████▄▄▄▄▄▄███
████████████████████████████████████
CRYPTO'S FASTEST
GROWING CASINO

‎ ★
█▄             ▄█
██▄         ▄██
▐█████████████████▌
█████████████████

▄█████████████████▄
▀▀
▄▄▄▄    ▄▄▄▄   ▀▀
▀███▀  ▄████▀  ▄██▀

▄▄   ▀█████  ▀▀▄▄
██████████████████
████▀▀▀▀▀▀▀▀▀▀▀▀█████
██████▄▄▄▄▄▄▄▄███████
▀███████████████▀
▀▀██████████▀▀
▄▄█████████▄▄
▄█▀▀  ▀▀███▀▀  ▀▀█▄
▄█▀        █        ██▄
▄█          █         ██▄
▄███       ▄███▄       ███▄
███▀▀█▄▄▄▄███████▄▄▄▄█▀▀███
█▀      ▀█████████▀      ▀█
█        █████████        █
▀█       █████████       █▀
▀█     ▄█       █▄     █▀
▀██████         ██████▀
▀████▄       ▄████▀
▄▄▄█████▀▀███▄▄▄▄▄███▀▀█████▄▄▄
★ ‎
‎ ★
█▀▀▀▀











█▄▄▄▄
.
PLAY NOW
▀▀▀▀█











▄▄▄▄█
HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3919

<insert witty quote here>


View Profile
December 08, 2020, 09:34:35 PM
 #61

If you read the reddit threads, the Ledger staff claim that in every single case where someone has provided the appropriate details to them (ie. email address or phone number that received the phishing message), they have been able to identify that the data was already provided to them prior to the initial hack (ie. the person had already signed up for a newsletter or purchased a device using those details in the past).

It really is a "he said/she said" type situation... users claiming they received nothing until they purchased a black friday deal, then they magically start receiving messages... Ledger claiming there is no "ongoing" or "new" leak.

Having said that... I haven't purchased anything from them in over 3 years. Never received any messages/texts after the initial hack back in July/August etc... until I received the latest "We are sorry to tell you that due to the new KYC regulations, your hardware device has been deactivated." message 2 days ago. It wasn't even personally addressed, it just said: "Dear <my.email @address.com>"... so I'm not even sure if it was from the Ledger leak, or is just a semi-targeted campaign using details from one of the many crypto service hacks Undecided


Personally, I think the users saying "I got this message after buying on Black Friday" is just a timing coincidence... but that still doesn't change the fact that Ledger fucked up originally and haven't done a great job of handling it. Undecided

Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 740
Merit: 580



View Profile
December 08, 2020, 10:26:32 PM
 #62

I was the proud receiver of this last round of emails too.  Thankfully its a throw away email on tutanota.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
December 09, 2020, 09:43:47 AM
 #63

Never received any messages/texts after the initial hack back in July/August etc... until I received the latest "We are sorry to tell you that due to the new KYC regulations, your hardware device has been deactivated." message 2 days ago.

I also received the first such message in an email a few days ago, but it was in a spam folder. The message itself is really a real joke, of course only for those who know that HW cannot be deactivated in the way someone is trying to present it.

Personally, I think the users saying "I got this message after buying on Black Friday" is just a timing coincidence... but that still doesn't change the fact that Ledger fucked up originally and haven't done a great job of handling it. Undecided

There is no doubt that a company like this should not have allowed itself something like this, but when the hacking of the database happened, what could have been done better than what Ledger is currently doing? What exactly would you do if you were in such a situation?

Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
December 09, 2020, 10:48:33 AM
 #64

I really can't imagine that their server are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..
I don't think there are either. However, dkbit98 did share that reddit post where a user claims that he received a phishing email after purchasing one of their devices. But if the reddit user hasn't posted any proof to support his claims, the chance that he is lying and trying to take a swing at Ledger while they are down is equally possible.

I received the latest "We are sorry to tell you that due to the new KYC regulations, your hardware device has been deactivated." message 2 days ago. It wasn't even personally addressed, it just said: "Dear <my.email @address.com>"... so I'm not even sure if it was from the Ledger leak, or is just a semi-targeted campaign using details from one of the many crypto service hacks Undecided
I don't think it is related to the original leak. I received that device deactivated email as well, twice, on an email address not even remotely connected to the email used to purchase my Ledger device. It went into spam both times. I guess the senders just have a huge database of email addresses they have gotten their hands on.   

jerry0
Full Member
***
Offline Offline

Activity: 1274
Merit: 143


View Profile
December 10, 2020, 04:15:56 AM
 #65

I received this email as well but it went to my spam folder.  So most users thus received this email then?


So what happens if you click on the link on the email?  Is it malware/virus/keylogger?


Or does it ask you for your seed? 
Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
December 10, 2020, 10:30:40 AM
 #66

~snip~

It is mostly about trying to get someone to put their seed on a phishing site, but it is possible that this could infect your computer with a virus/malware. For you and most average users there is no point in clicking on a link, let’s leave that for those trying to locate hackers and prevent them from continuing with this dirty campaign.

bob123
Legendary
*
Offline Offline

Activity: 1610
Merit: 2424



View Profile WWW
December 10, 2020, 03:32:17 PM
 #67

I don't think there are either. However, dkbit98 did share that reddit post where a user claims that he received a phishing email after purchasing one of their devices.

Reddit users are... inexperienced to say at least.
Most of the people commenting there on crypto subs literally have not a single clue. These are the people who fall for phishing mails.

Just because some people on reddit claim something, this doesn't make it true. In fact, you should always assume that those people made the mistake themselves.



I guess there's always the possibility of something being overlooked (the baddies are always so ingenious), for example: man-in-the-middle attack or even some sort of 'inside job'. As in the recent twitter case.
They may not even know they are leaking data. Purely speculation on my part, of course...

A MITM is not related to that and wouldn't have any influence.

Whether it is an inside job or not, you do know when you are leaking data.
It's not something which "just happens" without being noticeable. There is enough evidence and there are definitely enough traces to see that data has been leaked and how it has been leaked.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 2016
Merit: 3209


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
December 11, 2020, 11:20:29 AM
 #68

I just checked to throwaway email account and found out i also received few similar spam email. Additionally, i also receive few classic send X coin and you'll earn 2X spam, while the throwaway email never got any spam before Ledger server hacked.

I received this email as well but it went to my spam folder.  So most users thus received this email then?


So what happens if you click on the link on the email?  Is it malware/virus/keylogger?


Or does it ask you for your seed? 

Aside from what @Lucius said, it's possible they use unique link for each receiver, which mean they'll know that you open the email and open the link. They also could log your IP and browser fingerprint.

btcwish1
Full Member
***
Offline Offline

Activity: 393
Merit: 108


View Profile
December 12, 2020, 05:35:00 PM
 #69

Another phishing email today. It is just not stopping. I am worried about one thing. I didn't receive email about 'ledger live' before and I never used ledger live either.

But recently I installed ledger live and used ledger live.  Now I am getting phishing email about ledger live!!



HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3919

<insert witty quote here>


View Profile
December 12, 2020, 07:14:04 PM
 #70

Another phishing email today. It is just not stopping. I am worried about one thing. I didn't receive email about 'ledger live' before and I never used ledger live either.

But recently I installed ledger live and used ledger live.  Now I am getting phishing email about ledger live!!
It's most likely just a coincidence... a lot of people are receiving this "new" email.

Refer:
https://www.reddit.com/r/ledgerwallet/comments/kbtyix/data_breach_email/
https://www.reddit.com/r/ledgerwallet/comments/kbt4fv/so_wheres_the_attack_vector_in_this_email_theres/
https://www.reddit.com/r/ledgerwallet/comments/kbtpmq/ledger_data_breach/

And have a read of this: https://www.bleepingcomputer.com/news/security/fake-data-breach-alerts-used-to-steal-ledger-cryptocurrency-wallets/

aesma
Hero Member
*****
Offline Offline

Activity: 1568
Merit: 672


fly or die


View Profile
December 12, 2020, 11:54:42 PM
 #71

btcwish1 : I've been using Ledger live for years and I just got the email too, for the first time. I must say it's well done, but not enough to convince me to change my PIN or whatever, I understand how the security of the Ledger works, and I also know there is no association between my email and my wallet.

It will definitely work on some people, I fear.

edit : and I didn't buy a Ledger since that one time years ago.
Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
December 14, 2020, 02:16:59 PM
 #72

It has been 9 days since I created a brand new email address, registered for the Ledger newsletter, signed up to their Affiliate program, and entered my email address in their shopping cart as part of an uncompleted purchase. I have not received a single phishing email to the brand new account. If the data was still being leaked, I think someone would have tried something by now and I would have received a phishing email.

@dkbit98
What about you? Have you received any bogus emails?

@btcwish1
My friend, who my Ledger device was shipped to, received phishing mails, and I received some on email accounts that are not connected to Ledger at all. Who knows how these people operate and what kind of databases they have gotten their hands on. 

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 14, 2020, 03:03:35 PM
 #73

What about you? Have you received any bogus emails?

Nothing received yet on new email I created, but it is interesting that I didn't receive any legit email from Ledger also, even if I am subscribed to their newsletter, so maybe they shut it down totally I don't know  Cheesy

I do keep getting daily scam messages on my old email address, some of them go directly to spam folder, but they always create new address that shows up in my inbox.
I reported recently in scam accusations that this scammers are from Ukraine/Russia region.

suchmoon
Legendary
*
Offline Offline

Activity: 2828
Merit: 6727


https://bpip.org


View Profile WWW
December 14, 2020, 03:18:36 PM
Merited by Pmalek (1)
 #74

My friend, who my Ledger device was shipped to, received phishing mails, and I received some on email accounts that are not connected to Ledger at all. Who knows how these people operate and what kind of databases they have gotten their hands on. 

"they" might have cross-referenced the Ledger list with some other lists to farm more related contact info, or sold the list to someone else who did it. I went through my spam folder and found at least one Ledger phishing e-mail received at an address that I never gave to Ledger but it still refers to me by name. It is possible that some other unrelated leak somewhere contained my name and e-mail too but that's a hell of a coincidence that it got a Ledger-themed e-mail and not the usual genitalia enlargement promotions.

Given that every fucking scammer knows "here is an address of a person who might have a decent amount of crypto because they bought a hardware wallet" it's just a matter of time before they start targeting family members.

LTU_btc
Legendary
*
Offline Offline

Activity: 2114
Merit: 1047



View Profile WWW
December 14, 2020, 08:14:59 PM
 #75

Nothing received yet on new email I created, but it is interesting that I didn't receive any legit email from Ledger also, even if I am subscribed to their newsletter, so maybe they shut it down totally I don't know  Cheesy
Nope, I'm still getting legit emails from Ledger. I got it on 7th, 12th December and another one just 10 minutes ago. So, it's a bit strange that you haven't got anything.
Also, recently I haven't got phishing Ledger emails, just some Blockchain.con and PayPal scams. But probably it's only matter of time.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
▄▄▀▀▀▀▀▀▀▀▀▄▄
▄█▀▄▄▀▀█▀▀▀█▀▀▄▄▀█▄
▄█▀▄▀▀█ ▄█▄▄▄█▄ █▀▀▄▀█▄
▄▀▄██▄▄▀▀▄▄ ▀▄▄▀▀▄▄██▄▀▄
▄█ ████ ███▌▐███ ████ █▄
█ ████ ████ ███ ████ ████ █
█ ████ ███ ▄▄▄▄▄ ███ ████ █
█ ████ █▀▄█▀▀▀▀▀█▄▀█ ████ █
▀█ ████ ██ ▄▀▀▀▄ ██ ████ █▀
▀▄▀██▀█▄▄ ▀▀▀▀▀ ▄▄█▀██▀▄▀
▀█▄▀█▄▄▀▀█████▀▀▄▄█▀▄█▀
▀█▄▀▀██▄▄▄▄▄██▀▀▄█▀
▀▀▄▄▄▄▄▄▄▄▄▀▀
OFFICIAL
BETTING
PARTNER
.INSTANT & FAST..
.TRANSACTION.....
.PROVABLY FAIR..
......& SECURE......
.24/7 CUSTOMER.
.............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
Pmalek
Legendary
*
Offline Offline

Activity: 1820
Merit: 2860


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
December 15, 2020, 08:42:54 AM
 #76

Nothing received yet on new email I created, but it is interesting that I didn't receive any legit email from Ledger also, even if I am subscribed to their newsletter, so maybe they shut it down totally I don't know
They are still sending out those newsletters. I got my first one the day after I created my new email and registered for their newsletter. Maybe it is sent once a month or twice, and it just happened that I signed up the day before it was scheduled to be sent anyway.



...it's just a matter of time before they start targeting family members.
I would find that more troublesome than getting them myself.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 2016
Merit: 3209


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
December 15, 2020, 11:47:30 AM
 #77

Given that every fucking scammer knows "here is an address of a person who might have a decent amount of crypto because they bought a hardware wallet" it's just a matter of time before they start targeting family members.

One only can hope their family member uses email provider with good spam filter and don't fall to such scam easily.

Nothing received yet on new email I created, but it is interesting that I didn't receive any legit email from Ledger also, even if I am subscribed to their newsletter, so maybe they shut it down totally I don't know
They are still sending out those newsletters. I got my first one the day after I created my new email and registered for their newsletter. Maybe it is sent once a month or twice, and it just happened that I signed up the day before it was scheduled to be sent anyway.

On most email newsletter, you can choose what kind of newsletter you want to receive (e.g. tips, new update or just important news).
It's possible you either didn't opt-in or intentionally opt-out from specific newsletter, i don't know whether ledger newsletter is opt-in/opt-out by default though.

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 15, 2020, 11:56:48 AM
 #78

Again I see people who recently purchased Ledger getting this phishing emails and sms from scammers.
Here is latest example from guy who purchased ledger just two weeks ago:
Quote
I just bought the Ledger two weeks ago. Now I am receiving a bunch of phishing emails I never got before from senders posing to be from Ledger.
I know there was a database breach a long time ago, but I just bought the Ledger X. Is there an inside employee leaking these emails? How can my email have been compromised within two weeks?
https://www.reddit.com/r/ledgerwallet/comments/kd6kbs/i_just_bought_the_ledger_two_weeks_ago_now_i_am/

And there are numerous reports on Legder not properly addressing tax, so people need to pay double taxes when they receive their wallet package.
What a joke   Cheesy

Given that every fucking scammer knows "here is an address of a person who might have a decent amount of crypto because they bought a hardware wallet" it's just a matter of time before they start targeting family members.
Exactly, and they can sell all customer data to any local criminals and gangster if they want.

aesma
Hero Member
*****
Offline Offline

Activity: 1568
Merit: 672


fly or die


View Profile
December 16, 2020, 01:21:22 AM
 #79

When you buy from a foreign country, outside of a trading block, duties are always tricky. I buy tons on cheap stuff on aliexpress and clearly nobody pays the taxes, it's just a game with the customs officer, sometimes you're caught and you pay.

A ledger being small they might go through fine most of the time.
LTU_btc
Legendary
*
Offline Offline

Activity: 2114
Merit: 1047



View Profile WWW
December 16, 2020, 09:22:44 PM
 #80

When you buy from a foreign country, outside of a trading block, duties are always tricky. I buy tons on cheap stuff on aliexpress and clearly nobody pays the taxes, it's just a game with the customs officer, sometimes you're caught and you pay.

A ledger being small they might go through fine most of the time.
Can you tell how phishing emails and taxes for goods is related?
Anyway, I think it's correct to compare Aliexpress and Ledger. When you buy from Ledger store, VAT is already added into final price. It depends on every seller what price they show on goods declaration and also it depends on customs of each country.
By the way, at least in Europe it won't be that easy to buy goods from China without paying taxes. From 2021, we will have to pay VAT for all goods from China, there will be no more exceptions for stuff which costs less than €22. Sorry if it's slightly off-topic Cheesy.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
▄▄▀▀▀▀▀▀▀▀▀▄▄
▄█▀▄▄▀▀█▀▀▀█▀▀▄▄▀█▄
▄█▀▄▀▀█ ▄█▄▄▄█▄ █▀▀▄▀█▄
▄▀▄██▄▄▀▀▄▄ ▀▄▄▀▀▄▄██▄▀▄
▄█ ████ ███▌▐███ ████ █▄
█ ████ ████ ███ ████ ████ █
█ ████ ███ ▄▄▄▄▄ ███ ████ █
█ ████ █▀▄█▀▀▀▀▀█▄▀█ ████ █
▀█ ████ ██ ▄▀▀▀▄ ██ ████ █▀
▀▄▀██▀█▄▄ ▀▀▀▀▀ ▄▄█▀██▀▄▀
▀█▄▀█▄▄▀▀█████▀▀▄▄█▀▄█▀
▀█▄▀▀██▄▄▄▄▄██▀▀▄█▀
▀▀▄▄▄▄▄▄▄▄▄▀▀
OFFICIAL
BETTING
PARTNER
.INSTANT & FAST..
.TRANSACTION.....
.PROVABLY FAIR..
......& SECURE......
.24/7 CUSTOMER.
.............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
btcwish1
Full Member
***
Offline Offline

Activity: 393
Merit: 108


View Profile
December 20, 2020, 01:46:20 PM
 #81

Yet again another phishing email. This time in the name of new KYC rules!! Angry

aesma
Hero Member
*****
Offline Offline

Activity: 1568
Merit: 672


fly or die


View Profile
December 20, 2020, 06:46:35 PM
 #82

When you buy from a foreign country, outside of a trading block, duties are always tricky. I buy tons on cheap stuff on aliexpress and clearly nobody pays the taxes, it's just a game with the customs officer, sometimes you're caught and you pay.

A ledger being small they might go through fine most of the time.
Can you tell how phishing emails and taxes for goods is related?
Anyway, I think it's correct to compare Aliexpress and Ledger. When you buy from Ledger store, VAT is already added into final price. It depends on every seller what price they show on goods declaration and also it depends on customs of each country.
By the way, at least in Europe it won't be that easy to buy goods from China without paying taxes. From 2021, we will have to pay VAT for all goods from China, there will be no more exceptions for stuff which costs less than €22. Sorry if it's slightly off-topic Cheesy.

dkbit98 just above my post was adding another accusation against Ledger, that they mess up with the taxes.  I'm French so when I ordered my Ledger through their website, there was really no customs involved (it's a French company).

Yet again another phishing email. This time in the name of new KYC rules!! Angry



You really need to not understand what it is you have bought to fall for that one.
FatFork
Hero Member
*****
Online Online

Activity: 658
Merit: 740



View Profile
December 21, 2020, 08:43:02 AM
Merited by o_e_l_e_o (2)
 #83

Looks like we can expect a new stream of Ledger phishing emails.
The stolen database has become available for free on 'RaidForums'. Ledger confirmed.



.freebitcoin.       ▄▄▄█▀▀██▄▄▄
   ▄▄██████▄▄█  █▀▀█▄▄
  ███  █▀▀███████▄▄██▀
   ▀▀▀██▄▄█  ████▀▀  ▄██
▄███▄▄  ▀▀▀▀▀▀▀  ▄▄██████
██▀▀█████▄     ▄██▀█ ▀▀██
██▄▄███▀▀██   ███▀ ▄▄  ▀█
███████▄▄███ ███▄▄ ▀▀▄  █
██▀▀████████ █████  █▀▄██
 █▄▄████████ █████   ███
  ▀████  ███ ████▄▄███▀
     ▀▀████   ████▀▀
BITCOIN
DICE
EVENT
BETTING
WIN A LAMBO !

.
            ▄▄▄▄▄▄▄▄▄▄███████████▄▄▄▄▄
▄▄▄▄▄██████████████████████████████████▄▄▄▄
▀██████████████████████████████████████████████▄▄▄
▄▄████▄█████▄████████████████████████████▄█████▄████▄▄
▀████████▀▀▀████████████████████████████████▀▀▀██████████▄
  ▀▀▀████▄▄▄███████████████████████████████▄▄▄██████████
       ▀█████▀  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  ▀█████▀▀▀▀▀▀▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.PLAY NOW.
dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 21, 2020, 08:46:55 AM
 #84

Now we see the truth what happened with hacked ledger database and one million customer information ending up on raidforums.
We can see that emails has attached name, physical addresses, phone numbers  and number assigned to it.

Quote
272.853 orders with full info details (Email, Addresses, Phone Number)
1.075.382 emails subscribed to newsletter

Now we see that ledger lied about real numbers of leaked customer data with full info.... real numbers are much much higher.

Better check if your email address is pwned and change it, oh and never trust ledger again:
https://haveibeenpwned.com/

Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
December 21, 2020, 11:45:11 AM
 #85

Better check if your email address is pwned and change it, oh and never trust ledger again:

There is no need for any checks, everyone who has ever bought something from Ledger or left their e-mail address in any way is in that database - and all that information is now public, it’s just a matter of who suffered more damage because in addition to e-mail, all other data was leaked. Changing email means absolutely nothing, at least not for those who know how to recognize spam.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1442
Merit: 7453


Wear a mask, slow the spread


View Profile
December 21, 2020, 11:55:52 AM
 #86

Yup, this is horrendous. The leak of 9,500 addresses was bad enough. The leak of 272 thousand addresses is horrendous. But that isn't even the worst thing. Ledger either lied and covered up the size of this leak, despite endless customer reports to the contrary, or were genuinely unaware of what data had been accessed, and this lasted for months. Either is inexcusable and unforgivable. There is zero trust left with Ledger.

I'm done with hardware wallets. I was done with Trezor after their critical vulnerability which they don't even warn new users about, and now I'm done with Ledger since they can't be trusted to be either competent, honest, or both. I am completely unaffected by this hack thanks to fake credentials, but I refuse to use my Ledger devices any longer. I'll be moving everything off them and in to airgapped cold storage as soon as the mempool empties.

Lots of reports on Reddit of people receiving ransom emails with their real name and address, and demanding payment to not be physically attacked. Horrendous.



As I've said before, if you have given your real name and address to any crypto company, now is a good time to contact them and request that they delete all of your information. Check their Terms of Service and Privacy Policy for how to go about doing so.

FatFork
Hero Member
*****
Online Online

Activity: 658
Merit: 740



View Profile
December 21, 2020, 12:39:05 PM
 #87

Lots of reports on Reddit of people receiving ransom emails with their real name and address, and demanding payment to not be physically attacked. Horrendous.

This is really disturbing. I can't even imagine how these people are feeling right now.

.freebitcoin.       ▄▄▄█▀▀██▄▄▄
   ▄▄██████▄▄█  █▀▀█▄▄
  ███  █▀▀███████▄▄██▀
   ▀▀▀██▄▄█  ████▀▀  ▄██
▄███▄▄  ▀▀▀▀▀▀▀  ▄▄██████
██▀▀█████▄     ▄██▀█ ▀▀██
██▄▄███▀▀██   ███▀ ▄▄  ▀█
███████▄▄███ ███▄▄ ▀▀▄  █
██▀▀████████ █████  █▀▄██
 █▄▄████████ █████   ███
  ▀████  ███ ████▄▄███▀
     ▀▀████   ████▀▀
BITCOIN
DICE
EVENT
BETTING
WIN A LAMBO !

.
            ▄▄▄▄▄▄▄▄▄▄███████████▄▄▄▄▄
▄▄▄▄▄██████████████████████████████████▄▄▄▄
▀██████████████████████████████████████████████▄▄▄
▄▄████▄█████▄████████████████████████████▄█████▄████▄▄
▀████████▀▀▀████████████████████████████████▀▀▀██████████▄
  ▀▀▀████▄▄▄███████████████████████████████▄▄▄██████████
       ▀█████▀  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  ▀█████▀▀▀▀▀▀▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.PLAY NOW.
ETFbitcoin
Legendary
*
Offline Offline

Activity: 2016
Merit: 3209


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
December 21, 2020, 12:52:50 PM
 #88

Now we see the truth what happened with hacked ledger database and one million customer information ending up on raidforums.
We can see that emails has attached name, physical addresses, phone numbers  and number assigned to it.

It also contain city, district/province and zip code, which could be used in case there's small typo on your address.

Quote
272.853 orders with full info details (Email, Addresses, Phone Number)
1.075.382 emails subscribed to newsletter

Now we see that ledger lied about real numbers of leaked customer data with full info.... real numbers are much much higher.

I can understand if the number is slighter higher than reported number, but 28 times over the reported number is horrendous. Ledger shoot their own feet this time.

Better check if your email address is pwned and change it, oh and never trust ledger again:
https://haveibeenpwned.com/

Or download the dump file from https://intelx.io/?did=8761746e-d333-4256-bbcd-9100c8722799 since it's plain text and the size roughly only 50MB.
People who bought Ledger HW wallet definitely should check the dump file.

dkbit98
Legendary
*
Offline Offline

Activity: 1288
Merit: 2489


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 21, 2020, 01:02:33 PM
Last edit: December 21, 2020, 01:14:07 PM by dkbit98
 #89

28 times over the reported number, ledger shoot their own feet this time.

When I told all the ledger shillers here that ledger team lies about 9500 number of full leak data, they told me I was wrong and to just trust the ledger. I don't see them now maybe because they got back into their small holes and hide.

Btw I think this download file you provided contains only emails and I can't find my email address there, but just to be safe I will probably change addresses I use.
EDIT: I found all other files also.

Yup, this is horrendous. The leak of 9,500 addresses was bad enough. The leak of 272 thousand addresses is horrendous. But that isn't even the worst thing. Ledger either lied and covered up the size of this leak, despite endless customer reports to the contrary, or were genuinely unaware of what data had been accessed, and this lasted for months. Either is inexcusable and unforgivable. There is zero trust left with Ledger.

They lied 100% like I said many times before, and anyone who have any contacts in darkweb could confirm this.
Zero trust confirmed and reputation ruined.
Here comes 100% discount from ledger soon...

ETFbitcoin
Legendary
*
Offline Offline

Activity: 2016
Merit: 3209


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
December 21, 2020, 01:15:48 PM
 #90

Btw I think this download file you provided contains only emails and I can't find my email address there, but just to be safe I will probably change addresses I use.

The UI of their website is a bit confusing, after you open link i mentioned, select "Tree", you should find link for whole leaked database. There's strict limitation without registration, so make sure you open file "Ledger Orders..." first.

suchmoon
Legendary
*
Offline Offline

Activity: 2828
Merit: 6727


https://bpip.org


View Profile WWW
December 21, 2020, 01:31:58 PM
 #91

Ledger confirmed.

No no no, they're "still confirming". Nothing to worry about. After months of phishing e-mails and texts and phone calls it might turn out to be a non-issue if they don't confirm. Grin

Fucking assholes and absolute clueless knobs when it comes to securing customer data or customer support or being in business altogether.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1442
Merit: 7453


Wear a mask, slow the spread


View Profile
December 21, 2020, 01:40:22 PM
 #92

They lied 100% like I said many times before
They are claiming on Reddit that they did not lie, and the logs and investigation they performed revealed only 9,500 compromised addresses. As I said above, if they aren't lying then they are completely unaware about the security of their own systems, and someone managed to steal a quarter of million customers' details with Ledger being none the wiser. Not that it really matters - either is enough to never use them again.

Lucius
Legendary
*
Offline Offline

Activity: 2296
Merit: 2754


Si Vis Pacem, Para Bellum


View Profile WWW
December 21, 2020, 01:47:18 PM
 #93

People who bought Ledger HW wallet definitely should check the dump file.

I get data from GitHub (link posted here - forum link), but finding your data is a bit more difficult, so it would be very useful for someone to make a search option, just enough so that everyone can see if only their e-mail or all other data has been published.