Bitcoin Forum
October 25, 2021, 04:52:13 PM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 [6] 7 8 9 »  All
  Print  
Author Topic: New Ledger phishing mail targets individual users  (Read 1714 times)
casperBGD
Hero Member
*****
Offline Offline

Activity: 1288
Merit: 611


#BanklessDAO


View Profile
December 21, 2020, 02:54:45 PM
 #101

~snip
Personally, I would very much like to join a class action lawsuit.

I really do not think that this is possible, it is good to check all the documents that you been checking while leaving your data on Ledger website, but I would be surprised if Ledger leaved any space for people to pull a lawsuit against them over data hacking, it is what it is, and probably we can just be mad at them and choose another provider for hardware wallets


Who knows, they are close sourced; something that has been vastly criticized; and maybe somewhere in the code, the device sends a report on the assets each device cointains everytime you use Ledger Live. I wouldn't be surprised if such a thing was exposed right know; considering how crazy it's been since July.

I highly doubt that ledger live is sending data regarding your account in some central database, it would be of no use for them and highly risky for users, although I think that they cannot relate your BTC address on device with your personal data (since you create it with first use), if they can, then they would be able to have access to your mnemonic phase or private key, prior to sending you device, and that would be already exploited, so this is not the case certainly, they do not have crypto amount per user, may have per address on device (clearly doubt this as well), but this could not be related with physical person/address

Duelbits            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|              ▄▄▀▀█▌
          ▄▄▀█▄    █
        ▄▀     ▀▄▄ █
       █    ▄▄    ▀█
    ▄▄█    █  █   ▐▌
  ▄▀ █      ▀▀    █
▄▀  ▐▌           █
█ ▄▀▀▄▄        ▄▀
▀▀  ▄  ▀▄▄   ▄▀█
  ▄▀   ▄  ▀█▀  █
   ▄▀ ▄▀   █  █
  ▄▀ █     █▄▀
   ▄▀
NEW GAME!
..CRASH...
|||
[ Đ ][ Ł ]
AVAILABLE NOW
1635180733
Hero Member
*
Offline Offline

Posts: 1635180733

View Profile Personal Message (Offline)

Ignore
1635180733
Reply with quote  #2

1635180733
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1635180733
Hero Member
*
Offline Offline

Posts: 1635180733

View Profile Personal Message (Offline)

Ignore
1635180733
Reply with quote  #2

1635180733
Report to moderator
1635180733
Hero Member
*
Offline Offline

Posts: 1635180733

View Profile Personal Message (Offline)

Ignore
1635180733
Reply with quote  #2

1635180733
Report to moderator
suchmoon
Legendary
*
Offline Offline

Activity: 2842
Merit: 6752


https://bpip.org


View Profile WWW
December 21, 2020, 03:08:15 PM
 #102

Who knows, they are close sourced; something that has been vastly criticized; and maybe somewhere in the code, the device sends a report on the assets each device cointains everytime you use Ledger Live. I wouldn't be surprised if such a thing was exposed right know; considering how crazy it's been since July.

It doesn't have to be in Ledger data. If there is a leak of e-mail addresses from somewhere else, e.g. some bitcoin forum perhaps, and those e-mail addresses can be tied to assets, and you can look up a physical address in the Ledger leak - jackpot. Granted that's a lot of work with a low probability of success but someone somewhere will surely try it and will release a nicely collated list of targets just because they can.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1456
Merit: 7541


Wear a mask, slow the spread


View Profile
December 21, 2020, 03:49:51 PM
 #103

I really do not think that this is possible, it is good to check all the documents that you been checking while leaving your data on Ledger website, but I would be surprised if Ledger leaved any space for people to pull a lawsuit against them over data hacking
Depends on French and EU law. They could very well be at fault for not storing this data in a secure environment, i.e. encrypted and offline. There is a new subreddit at /r/ledgerwalletleak which is discussing lawsuits, and there are some responses from various lawyers pasted in there which seem like there may be a case.

I highly doubt that ledger live is sending data regarding your account in some central database, it would be of no use for them and highly risky for users,
And no one expected that Ledger were storing everyone's personal info in one big unencrypted, unprotected, and unsecured online database, and yet, here we are.

if they can, then they would be able to have access to your mnemonic phase or private key, prior to sending you device
Not required. All you need to do is open Ledger Live and details of your addresses could be sent to their servers.

DaveF
Legendary
*
Offline Offline

Activity: 2548
Merit: 2422


I DO NOT TRADE on Telegram or Skype or Discord.


View Profile WWW
December 21, 2020, 04:52:26 PM
 #104

I highly doubt that ledger live is sending data regarding your account in some central database, it would be of no use for them and highly risky for users,
And no one expected that Ledger were storing everyone's personal info in one big unencrypted, unprotected, and unsecured online database, and yet, here we are.

Ummm, that is how us paranoid security nutjobs think everyone stores our info.
This is why I use disposable email addresses and have semi-bogus shipping info.
Oh, and enjoy calling my virtual phone number that goes nowhere.
Sad, but this is what it takes to be somewhat secure today.

-Dave

FatFork
Hero Member
*****
Offline Offline

Activity: 672
Merit: 744



View Profile
December 21, 2020, 05:55:14 PM
 #105

...Sad, but this is what it takes to be somewhat secure today.

This is not the answer. If I am supposed to use fake information (name, address, phone number) to use a legitimate service, then I am the one who violates the rules and regulations (in some cases, even breaking the law). And what about credit card numbers? Should I also have a fake credit card for online shopping?
No, no, no. In this situation, it is very clear who is responsible.

.freebitcoin.       ▄▄▄█▀▀██▄▄▄
   ▄▄██████▄▄█  █▀▀█▄▄
  ███  █▀▀███████▄▄██▀
   ▀▀▀██▄▄█  ████▀▀  ▄██
▄███▄▄  ▀▀▀▀▀▀▀  ▄▄██████
██▀▀█████▄     ▄██▀█ ▀▀██
██▄▄███▀▀██   ███▀ ▄▄  ▀█
███████▄▄███ ███▄▄ ▀▀▄  █
██▀▀████████ █████  █▀▄██
 █▄▄████████ █████   ███
  ▀████  ███ ████▄▄███▀
     ▀▀████   ████▀▀
BITCOIN
DICE
EVENT
BETTING
WIN A LAMBO !

.
            ▄▄▄▄▄▄▄▄▄▄███████████▄▄▄▄▄
▄▄▄▄▄██████████████████████████████████▄▄▄▄
▀██████████████████████████████████████████████▄▄▄
▄▄████▄█████▄████████████████████████████▄█████▄████▄▄
▀████████▀▀▀████████████████████████████████▀▀▀██████████▄
  ▀▀▀████▄▄▄███████████████████████████████▄▄▄██████████
       ▀█████▀  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  ▀█████▀▀▀▀▀▀▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.PLAY NOW.
HCP
Legendary
*
Offline Offline

Activity: 1834
Merit: 3928

<insert witty quote here>


View Profile
December 21, 2020, 06:28:29 PM
 #106

Interestingly, they only have my email addresses, despite having made a purchase... so it would seem that the buyers database is not "complete". So, that's something I guess... Undecided

Kudos to Ledger for actually admitting that the original security log analysis was incorrect in its determination of how much data was leaked:
Quote
At the time of the incident, in July, we engaged an external security organisation to conduct a forensic review of the logs available. This review of the logs enabled us to confirm that approximately 1 million email addresses had been stolen as well as 9,532 more detailed personal information (postal addresses, name, surname and phone number) that we were able to specifically identify.

The database publicly released yesterday shows that a larger subset of detailed information has been leaked, approximately 272,000 detailed information such as postal address, last name, first name and telephone number of our customers. These details are not available in the logs that we were able to analyse.

Still, I'm not sure why they didn't just assume the worst-case scenario that everything had been taken... Huh

Csmiami
Copper Member
Legendary
*
Offline Offline

Activity: 1036
Merit: 1007


Yes, I consider myself to be hilarious


View Profile WWW
December 21, 2020, 08:56:54 PM
 #107

I have finally received my personal email informing me about the leak, and boy is it funny to read. I'll highlight a couple of things:

Quote
We regret to inform you that you are part of the approximately 272 000 customers whose detailed personal information was accessed by the unauthorized third party. Specifically, your name and surname, and your postal address were exposed.

Not only are they late, but the specifically forget to mention that my phone number and email have also been leaked; which leads me to believe that they haven't actually checked the dumped DB.

Quote
We are still investigating, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020
I think it was suchmoon the one mentioning it; but what else do they have to investigate? Like really, the data is out in the public, they know when the vulnerability was allegedly found. If anything, they should check whether new customers' data is still there, but other than that... the oldest data to know when this party started?

The email as a whole is a copy paste, which considering the case is way too "cold" (but what could we really expect?)


 ██                        ██   
 ████                    ████   
 █████              ██  █████   
 █████            ████  █████   
 █████           █████  █████   
 █████  ██       █████  █████   
 █████  ████      ████  █████   
 █████  █████       ██  █████   
 █████  █████           █████   
 █████  ████            █████   
 █████  ██              █████   
 ████                    ████   
 ██                        ██   
Mintlayer



      ▀▀▀▀▀▀▀▀▀▀▀▀







Asset Tokenization and DEX



▀▀▀▀▀▀▀▀▀▀▀▀








████████████████████████████
████████████████████████████
█████████████▀▀  ███████████
███████████▌ ▐██████████████
██████  ▀         ▀  ███████
██████               ███████
██████    ██   ██    ███████
██████▌              ███████
███████    ▄   ▄    ▄███████
████████▄   ▀▀▀   ▄█████████
██████████▄     ▄███████████
████████████████████████████
████████████████████████████

███████████████████████████
███████████████████████████
███████████████████████████
██████▀███████▀   ▀▀▀▄█████
█████▌  ▀▀███▌       ▄█████
█████▀               ██████
█████▄              ███████
██████▄            ████████
███████▄▄        ▄█████████
██████▄       ▄████████████
███████████████████████████
███████████████████████████
███████████████████████████

████████████████████████████
████████████████████████████
████████████████████████████
█████████████████▀▀  ███████
█████████████▀▀      ███████
█████████▀▀   ▄▄     ███████
█████▀▀    ▄█▀▀     ████████
█████████ █▀        ████████
█████████ █ ▄███▄   ████████
██████████████████▄▄████████
████████████████████████████
████████████████████████████
████████████████████████████

███████████████████████████
███████████████████████████
███████████████████████████
███████████ ▀██████████████
███████████   ▀████████████
███████████     ▀██████████
███████████       ▀████████
███████████      ▄█████████
███████████    ▄███████████
███████████  ▄█████████████
███████████▄███████████████
███████████████████████████
███████████████████████████
casperBGD
Hero Member
*****
Offline Offline

Activity: 1288
Merit: 611


#BanklessDAO


View Profile
December 21, 2020, 09:05:25 PM
 #108


if they can, then they would be able to have access to your mnemonic phase or private key, prior to sending you device
Not required. All you need to do is open Ledger Live and details of your addresses could be sent to their servers.

yeah, but how can they relate address in Ledger live with you/personally, and your physical address, I do not think that Ledger can do that, just based on addresses in the device, since they cannot know which public address will be created on the device, do they?

I will certainly follow the reddit, it would be good to close Ledger for good, if that can be, their stance on the case is really bad, they actually send you copy/paste e-mail with data that are incorrect, because you can check one in a leaked database, it is public, so one can check which data are exposed, Ledger people as well, how can they inform you different, it is stupid from them

Duelbits            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|              ▄▄▀▀█▌
          ▄▄▀█▄    █
        ▄▀     ▀▄▄ █
       █    ▄▄    ▀█
    ▄▄█    █  █   ▐▌
  ▄▀ █      ▀▀    █
▄▀  ▐▌           █
█ ▄▀▀▄▄        ▄▀
▀▀  ▄  ▀▄▄   ▄▀█
  ▄▀   ▄  ▀█▀  █
   ▄▀ ▄▀   █  █
  ▄▀ █     █▄▀
   ▄▀
NEW GAME!
..CRASH...
|||
[ Đ ][ Ł ]
AVAILABLE NOW
aesma
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 672


fly or die


View Profile
December 21, 2020, 11:44:49 PM
 #109

They are claiming on Reddit that they did not lie, and the logs and investigation they performed revealed only 9,500 compromised addresses. As I said above, if they aren't lying then they are completely unaware about the security of their own systems, and someone managed to steal a quarter of million customers' details with Ledger being none the wiser. Not that it really matters - either is enough to never use them again.

Makes the recent complains about ongoing leaks not that far fetched anymore, doesn't it.



I checked a few zip codes around me and what do you know - the number of ledger buyers per zip code follows known indicators of wealth for those areas, e.g. income and real estate prices. This might turn out to be a very valuable dataset for a wannabe burglar.

Burglars already know that wealthy neighborhoods have wealthy people. What we should be worried about are home invaders, intent to maim and torture to get our crypto.

Maybe time to set up a decoy ledger/secondary PIN with something like 0,1BTC on it to give up to such invaders ?
suchmoon
Legendary
*
Offline Offline

Activity: 2842
Merit: 6752


https://bpip.org


View Profile WWW
December 22, 2020, 12:04:06 AM
 #110

Burglars already know that wealthy neighborhoods have wealthy people.

True, but now they know addresses of the ones worth visiting.

What we should be worried about are home invaders, intent to maim and torture to get our crypto.

Maybe time to set up a decoy ledger/secondary PIN with something like 0,1BTC on it to give up to such invaders ?

I thought about it - actually thought about just writing my PIN on the Ledger and handing it over - but then... how many of these decoys should I have? Will the second attacker believe me if I say that I've already been mugged?

Probably just need to make sure the insurance policies are up to date and hope for the best.

aesma
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 672


fly or die


View Profile
December 22, 2020, 12:17:20 AM
 #111

Such thoughts are pretty bad. I know hackers aren't all nice people but putting home addresses online like that is really nasty. On the other hand if the data is legit, then only my email has leaked.
o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1456
Merit: 7541


Wear a mask, slow the spread


View Profile
December 22, 2020, 10:30:41 AM
 #112

yeah, but how can they relate address in Ledger live with you/personally, and your physical address
They will have logs of the IP addresses which make orders through their website, and they could easily keep logs of the IP addresses that each Ledger Live connects from and which addresses they query. Not saying they do do this, but it is certainly possible.

Burglars already know that wealthy neighborhoods have wealthy people.
Stealing something like a laptop or some jewellery and having to pawn them off second hand for a few hundred bucks without getting caught is one thing. Stealing tens or hundreds of thousands of dollars worth of bitcoin and knowing that you can make it untraceable is another.



Now there are reports on Reddit of people receiving scam emails about exchange accounts (notably Coinbase), as well as potential SIM swapping attacks. If you are on this list, at a minimum you should create a brand new email and move all your accounts over to this new email, and make sure you are using either a 2FA app or hardware key (NOT email or SMS) on all your accounts. Preferably change phone number too.

casperBGD
Hero Member
*****
Offline Offline

Activity: 1288
Merit: 611


#BanklessDAO


View Profile
December 22, 2020, 11:05:27 AM
 #113

yeah, but how can they relate address in Ledger live with you/personally, and your physical address
They will have logs of the IP addresses which make orders through their website, and they could easily keep logs of the IP addresses that each Ledger Live connects from and which addresses they query. Not saying they do do this, but it is certainly possible.

agree, they could also note the device serial number and transmit it through ledger live to connect to your purchase, but that will sound as they are not even legitimate company at all, and their main purpose is like stealing your funds in some way, isn't it?
nevertheless, I think that they were just ignorant to their buyers, and focused to improve their sales through constant e-mails to their commercial database

Now there are reports on Reddit of people receiving scam emails about exchange accounts (notably Coinbase), as well as potential SIM swapping attacks. If you are on this list, at a minimum you should create a brand new email and move all your accounts over to this new email, and make sure you are using either a 2FA app or hardware key (NOT email or SMS) on all your accounts. Preferably change phone number too.

agree on this one, some security measures to leaked information should be taken, changing of e-mail used for the service should be first one

Duelbits            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|              ▄▄▀▀█▌
          ▄▄▀█▄    █
        ▄▀     ▀▄▄ █
       █    ▄▄    ▀█
    ▄▄█    █  █   ▐▌
  ▄▀ █      ▀▀    █
▄▀  ▐▌           █
█ ▄▀▀▄▄        ▄▀
▀▀  ▄  ▀▄▄   ▄▀█
  ▄▀   ▄  ▀█▀  █
   ▄▀ ▄▀   █  █
  ▄▀ █     █▄▀
   ▄▀
NEW GAME!
..CRASH...
|||
[ Đ ][ Ł ]
AVAILABLE NOW
dkbit98
Legendary
*
Offline Offline

Activity: 1302
Merit: 2537


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 22, 2020, 01:18:51 PM
 #114

Situation is really bad, but that is maybe only way for people to learn how privacy is very very important and to learn how to protect themselves and not repeat same mistakes again.
Now everyone have this famous ledger lists and if we know that ledger keeps customer data information forever, and they have website full of trackers and ads so don't be surprised if they also keep track of everything including IP for using their shitty ledger live app and their website.

at a minimum you should create a brand new email and move all your accounts over to this new email, and make sure you are using either a 2FA app or hardware key (NOT email or SMS) on all your accounts. Preferably change phone number too.

I agree and in future better use PO Boxes people, in some countries they are FREE to use.
Now my GUIDE How to buy a Hardware Wallet the right way should be more popular with people  Cheesy



Betwrong
Legendary
*
Offline Offline

Activity: 2366
Merit: 1240



View Profile
December 22, 2020, 03:56:38 PM
 #115

I'm currently watching Help! Ledger Cryptocurrency Hardware Wallet Database Hack: aantonop Emergency Livestream Q&A, and since it's over 2 hours long, here's the most important parts of it, imo.

1. What happened(2 mins)

2. Ledger does not have your keys or seeds(1 min)

3. What should I do? (2 mins)

The main message:

Do not react hastily. Research first.

"Sometimes it's better to just not do anything. And this feels wrong, but it might be the best way." - Andreas Antonopoulos in this video.

███████████████████████████
█████████▀▄▄▄▄▄██▀▀████████
█████▀▄█▀▀▄▄▄▄▄▄▄▀▀▄▄▀█████
████ █▀▄███████████▄▀██████
███▄█ ███████▀ ██████ █ ███
██▀█ ███  ▀▀█  ▀██████ █ ██
██ █ ████▄▄      ▀▀▀██ █ ██
██ █ █████▌        ▄██ ████
███▄█ █████▄▄   ▄▄███ █▀███
████▀█▄▀█████▌  ▀██▀▄█ ████
█████▄▀▀▄▄▀▀▀▀   ▄▄█▀▄█████
████████▄██▀▀▀▀▀▀██████████
███████████████████████████
.
█ █▀█ █▀█ █▀█  ▄  ▄▀▀ █   ▄▀█ ▀█▀ ▄▀▀ ▄███▄
█ █▀█ █ █ █ █ ▀█▀ ▀▀█ █   █ █  █  ▀▀█ ▀███▀
█ █▄█ █▄█ █▄█     ▄▄▀ ▀▄▄ █▄▀  █  ▄▄▀   
                                        █
████████████████████████████████████ 
███▀▀▀▀▀▀██████▀▀▀▀▀▀██████▀▀▀▀▀▀███ 
█▀▄██▀███▄▀██▀▄██▀███▄▀██▀▄██▀███▄▀████▄
█ █ ▀ ▀███ ██ █ ▀ ▀███ ██ █ ▀ ▀███ █████
█ ██    ▄█ ██ ██    ▄█ ██ ██    ▄█ █████
█▄▀██  ▀█▀▄██▄▀██  ▀█▀▄██▄▀██  ▀█▀▄████▀
███▄▄▄▄▄▄██████▄▄▄▄▄▄██████▄▄▄▄▄▄███
████████████████████████████████████
CRYPTO'S FASTEST
GROWING CASINO

‎ ★
█▄             ▄█
██▄         ▄██
▐█████████████████▌
█████████████████

▄█████████████████▄
▀▀
▄▄▄▄    ▄▄▄▄   ▀▀
▀███▀  ▄████▀  ▄██▀

▄▄   ▀█████  ▀▀▄▄
██████████████████
████▀▀▀▀▀▀▀▀▀▀▀▀█████
██████▄▄▄▄▄▄▄▄███████
▀███████████████▀
▀▀██████████▀▀
▄▄█████████▄▄
▄█▀▀  ▀▀███▀▀  ▀▀█▄
▄█▀        █        ██▄
▄█          █         ██▄
▄███       ▄███▄       ███▄
███▀▀█▄▄▄▄███████▄▄▄▄█▀▀███
█▀      ▀█████████▀      ▀█
█        █████████        █
▀█       █████████       █▀
▀█     ▄█       █▄     █▀
▀██████         ██████▀
▀████▄       ▄████▀
▄▄▄█████▀▀███▄▄▄▄▄███▀▀█████▄▄▄
★ ‎
‎ ★
..PLAY NOW..
Pmalek
Legendary
*
Offline Offline

Activity: 1834
Merit: 2932


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
December 22, 2020, 04:14:47 PM
 #116

Check their Terms of Service and Privacy Policy for how to go about doing so.
Their Privacy Policy states that they may keep some personal data achieved for up to 10 years if you purchased any of their devices or goods they sell. Apparently due to legal and taxing purposes. Once the required timeframe expires, they claim they will delete any records of you from their systems.

If someone wants to contact them and ask to have their personal data permanently deleted, they can do so by sending an email to privacy@ledger.fr.

LTU_btc
Legendary
*
Offline Offline

Activity: 2128
Merit: 1047



View Profile WWW
December 22, 2020, 07:01:16 PM
 #117

I checked leaked data and I was already ready to see full my data leaked with full name, phone number and home address, but fortunately, there is just my email address.
What I noticed that in few recent days I got more than ever phishing Ledger emails and it can't be not related with this data leak.
What is worst, this database wasn't just sold somewhere on dark web. Now it's available for everyone, so great opportunity for people with bad intentions to use it without putting any effort to get so many email addresses.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
▄▄▀▀▀▀▀▀▀▀▀▄▄
▄█▀▄▄▀▀█▀▀▀█▀▀▄▄▀█▄
▄█▀▄▀▀█ ▄█▄▄▄█▄ █▀▀▄▀█▄
▄▀▄██▄▄▀▀▄▄ ▀▄▄▀▀▄▄██▄▀▄
▄█ ████ ███▌▐███ ████ █▄
█ ████ ████ ███ ████ ████ █
█ ████ ███ ▄▄▄▄▄ ███ ████ █
█ ████ █▀▄█▀▀▀▀▀█▄▀█ ████ █
▀█ ████ ██ ▄▀▀▀▄ ██ ████ █▀
▀▄▀██▀█▄▄ ▀▀▀▀▀ ▄▄█▀██▀▄▀
▀█▄▀█▄▄▀▀█████▀▀▄▄█▀▄█▀
▀█▄▀▀██▄▄▄▄▄██▀▀▄█▀
▀▀▄▄▄▄▄▄▄▄▄▀▀
OFFICIAL
BETTING
PARTNER
.INSTANT & FAST..
.TRANSACTION.....
.PROVABLY FAIR..
......& SECURE......
.24/7 CUSTOMER.
.............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
Csmiami
Copper Member
Legendary
*
Offline Offline

Activity: 1036
Merit: 1007


Yes, I consider myself to be hilarious


View Profile WWW
December 22, 2020, 09:40:15 PM
 #118

agree, they could also note the device serial number and transmit it through ledger live to connect to your purchase, but that will sound as they are not even legitimate company at all, and their main purpose is like stealing your funds in some way, isn't it?

Or they simply wanted to track their customers after the purchase to collect their consumer habits and use the data to improve their marketing... there's way too many things that could be done without any "bad" intention on their side by doing this.


Have I just created a conspiracy theory?


 ██                        ██   
 ████                    ████   
 █████              ██  █████   
 █████            ████  █████   
 █████           █████  █████   
 █████  ██       █████  █████   
 █████  ████      ████  █████   
 █████  █████       ██  █████   
 █████  █████           █████   
 █████  ████            █████   
 █████  ██              █████   
 ████                    ████   
 ██                        ██   
Mintlayer



      ▀▀▀▀▀▀▀▀▀▀▀▀







Asset Tokenization and DEX



▀▀▀▀▀▀▀▀▀▀▀▀








████████████████████████████
████████████████████████████
█████████████▀▀  ███████████
███████████▌ ▐██████████████
██████  ▀         ▀  ███████
██████               ███████
██████    ██   ██    ███████
██████▌              ███████
███████    ▄   ▄    ▄███████
████████▄   ▀▀▀   ▄█████████
██████████▄     ▄███████████
████████████████████████████
████████████████████████████

███████████████████████████
███████████████████████████
███████████████████████████
██████▀███████▀   ▀▀▀▄█████
█████▌  ▀▀███▌       ▄█████
█████▀               ██████
█████▄              ███████
██████▄            ████████
███████▄▄        ▄█████████
██████▄       ▄████████████
███████████████████████████
███████████████████████████
███████████████████████████

████████████████████████████
████████████████████████████
████████████████████████████
█████████████████▀▀  ███████
█████████████▀▀      ███████
█████████▀▀   ▄▄     ███████
█████▀▀    ▄█▀▀     ████████
█████████ █▀        ████████
█████████ █ ▄███▄   ████████
██████████████████▄▄████████
████████████████████████████
████████████████████████████
████████████████████████████

███████████████████████████
███████████████████████████
███████████████████████████
███████████ ▀██████████████
███████████   ▀████████████
███████████     ▀██████████
███████████       ▀████████
███████████      ▄█████████
███████████    ▄███████████
███████████  ▄█████████████
███████████▄███████████████
███████████████████████████
███████████████████████████
aesma
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 672


fly or die


View Profile
December 22, 2020, 11:13:00 PM
 #119

yeah, but how can they relate address in Ledger live with you/personally, and your physical address
They will have logs of the IP addresses which make orders through their website, and they could easily keep logs of the IP addresses that each Ledger Live connects from and which addresses they query. Not saying they do do this, but it is certainly possible.

Burglars already know that wealthy neighborhoods have wealthy people.
Stealing something like a laptop or some jewellery and having to pawn them off second hand for a few hundred bucks without getting caught is one thing. Stealing tens or hundreds of thousands of dollars worth of bitcoin and knowing that you can make it untraceable is another.

Sure, but in that case what matters is having addresses from the hack. In fact addresses in wealthy places might not be the best ones, as there might be better security, gated communities, police that comes quickly, alarms, CCTV, etc.
examplens
Legendary
*
Offline Offline

Activity: 2352
Merit: 1568



View Profile WWW
December 22, 2020, 11:58:10 PM
 #120

I received today another suspicious email, probably a continuation of all this. Sent from noreply@ledger.com-ez29-server-14-secure.es26-email-ssl.cloud
Gmail did not recognize it as a dangerous email which is strange to me, especially since there is a link with redirection in the email.

Code:
Your Device has been deactivated.

You are required to pass identification:
https://docs.google.com/document/d/e/2PACX-1vQljtzMSIcxGYPbO3vwkSMJYAP5PdG0xqhzDFyVbD9WUqBSKoezHCWqsI7KL3n33XuslU0qc-DNfauy/pub?embedded=true

Ledger Verification Team.
8N3S-L7TN2L34WN ZE0080

.BEST..CHANGE.███████████████
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
███████████████
..BUY/ SELL CRYPTO..
Pages: « 1 2 3 4 5 [6] 7 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!