Bitcoin Forum
December 07, 2021, 06:52:40 AM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5] 6 7 8 9 »  All
  Print  
Author Topic: New Ledger phishing mail targets individual users  (Read 1714 times)
btcwish1
Full Member
***
Offline Offline

Activity: 395
Merit: 108


View Profile
December 20, 2020, 01:46:20 PM
 #81

Yet again another phishing email. This time in the name of new KYC rules!! Angry

1638859960
Hero Member
*
Offline Offline

Posts: 1638859960

View Profile Personal Message (Offline)

Ignore
1638859960
Reply with quote  #2

1638859960
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1638859960
Hero Member
*
Offline Offline

Posts: 1638859960

View Profile Personal Message (Offline)

Ignore
1638859960
Reply with quote  #2

1638859960
Report to moderator
1638859960
Hero Member
*
Offline Offline

Posts: 1638859960

View Profile Personal Message (Offline)

Ignore
1638859960
Reply with quote  #2

1638859960
Report to moderator
1638859960
Hero Member
*
Offline Offline

Posts: 1638859960

View Profile Personal Message (Offline)

Ignore
1638859960
Reply with quote  #2

1638859960
Report to moderator
aesma
Hero Member
*****
Offline Offline

Activity: 1624
Merit: 674


fly or die


View Profile
December 20, 2020, 06:46:35 PM
 #82

When you buy from a foreign country, outside of a trading block, duties are always tricky. I buy tons on cheap stuff on aliexpress and clearly nobody pays the taxes, it's just a game with the customs officer, sometimes you're caught and you pay.

A ledger being small they might go through fine most of the time.
Can you tell how phishing emails and taxes for goods is related?
Anyway, I think it's correct to compare Aliexpress and Ledger. When you buy from Ledger store, VAT is already added into final price. It depends on every seller what price they show on goods declaration and also it depends on customs of each country.
By the way, at least in Europe it won't be that easy to buy goods from China without paying taxes. From 2021, we will have to pay VAT for all goods from China, there will be no more exceptions for stuff which costs less than €22. Sorry if it's slightly off-topic Cheesy.

dkbit98 just above my post was adding another accusation against Ledger, that they mess up with the taxes.  I'm French so when I ordered my Ledger through their website, there was really no customs involved (it's a French company).

Yet again another phishing email. This time in the name of new KYC rules!! Angry



You really need to not understand what it is you have bought to fall for that one.
FatFork
Hero Member
*****
Offline Offline

Activity: 714
Merit: 821



View Profile
December 21, 2020, 08:43:02 AM
Merited by o_e_l_e_o (2)
 #83

Looks like we can expect a new stream of Ledger phishing emails.
The stolen database has become available for free on 'RaidForums'. Ledger confirmed.



.freebitcoin.       ▄▄▄█▀▀██▄▄▄
   ▄▄██████▄▄█  █▀▀█▄▄
  ███  █▀▀███████▄▄██▀
   ▀▀▀██▄▄█  ████▀▀  ▄██
▄███▄▄  ▀▀▀▀▀▀▀  ▄▄██████
██▀▀█████▄     ▄██▀█ ▀▀██
██▄▄███▀▀██   ███▀ ▄▄  ▀█
███████▄▄███ ███▄▄ ▀▀▄  █
██▀▀████████ █████  █▀▄██
 █▄▄████████ █████   ███
  ▀████  ███ ████▄▄███▀
     ▀▀████   ████▀▀
BITCOIN
DICE
EVENT
BETTING
WIN A LAMBO !

.
            ▄▄▄▄▄▄▄▄▄▄███████████▄▄▄▄▄
▄▄▄▄▄██████████████████████████████████▄▄▄▄
▀██████████████████████████████████████████████▄▄▄
▄▄████▄█████▄████████████████████████████▄█████▄████▄▄
▀████████▀▀▀████████████████████████████████▀▀▀██████████▄
  ▀▀▀████▄▄▄███████████████████████████████▄▄▄██████████
       ▀█████▀  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  ▀█████▀▀▀▀▀▀▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.PLAY NOW.
dkbit98
Legendary
*
Offline Offline

Activity: 1344
Merit: 2849


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 21, 2020, 08:46:55 AM
 #84

Now we see the truth what happened with hacked ledger database and one million customer information ending up on raidforums.
We can see that emails has attached name, physical addresses, phone numbers  and number assigned to it.

Quote
272.853 orders with full info details (Email, Addresses, Phone Number)
1.075.382 emails subscribed to newsletter

Now we see that ledger lied about real numbers of leaked customer data with full info.... real numbers are much much higher.

Better check if your email address is pwned and change it, oh and never trust ledger again:
https://haveibeenpwned.com/

Lucius
Legendary
*
Offline Offline

Activity: 2352
Merit: 2940


Feed one child - change the world🎗


View Profile WWW
December 21, 2020, 11:45:11 AM
 #85

Better check if your email address is pwned and change it, oh and never trust ledger again:

There is no need for any checks, everyone who has ever bought something from Ledger or left their e-mail address in any way is in that database - and all that information is now public, it’s just a matter of who suffered more damage because in addition to e-mail, all other data was leaked. Changing email means absolutely nothing, at least not for those who know how to recognize spam.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1498
Merit: 7978


Wear a mask, slow the spread


View Profile
December 21, 2020, 11:55:52 AM
 #86

Yup, this is horrendous. The leak of 9,500 addresses was bad enough. The leak of 272 thousand addresses is horrendous. But that isn't even the worst thing. Ledger either lied and covered up the size of this leak, despite endless customer reports to the contrary, or were genuinely unaware of what data had been accessed, and this lasted for months. Either is inexcusable and unforgivable. There is zero trust left with Ledger.

I'm done with hardware wallets. I was done with Trezor after their critical vulnerability which they don't even warn new users about, and now I'm done with Ledger since they can't be trusted to be either competent, honest, or both. I am completely unaffected by this hack thanks to fake credentials, but I refuse to use my Ledger devices any longer. I'll be moving everything off them and in to airgapped cold storage as soon as the mempool empties.

Lots of reports on Reddit of people receiving ransom emails with their real name and address, and demanding payment to not be physically attacked. Horrendous.



As I've said before, if you have given your real name and address to any crypto company, now is a good time to contact them and request that they delete all of your information. Check their Terms of Service and Privacy Policy for how to go about doing so.

FatFork
Hero Member
*****
Offline Offline

Activity: 714
Merit: 821



View Profile
December 21, 2020, 12:39:05 PM
 #87

Lots of reports on Reddit of people receiving ransom emails with their real name and address, and demanding payment to not be physically attacked. Horrendous.

This is really disturbing. I can't even imagine how these people are feeling right now.

.freebitcoin.       ▄▄▄█▀▀██▄▄▄
   ▄▄██████▄▄█  █▀▀█▄▄
  ███  █▀▀███████▄▄██▀
   ▀▀▀██▄▄█  ████▀▀  ▄██
▄███▄▄  ▀▀▀▀▀▀▀  ▄▄██████
██▀▀█████▄     ▄██▀█ ▀▀██
██▄▄███▀▀██   ███▀ ▄▄  ▀█
███████▄▄███ ███▄▄ ▀▀▄  █
██▀▀████████ █████  █▀▄██
 █▄▄████████ █████   ███
  ▀████  ███ ████▄▄███▀
     ▀▀████   ████▀▀
BITCOIN
DICE
EVENT
BETTING
WIN A LAMBO !

.
            ▄▄▄▄▄▄▄▄▄▄███████████▄▄▄▄▄
▄▄▄▄▄██████████████████████████████████▄▄▄▄
▀██████████████████████████████████████████████▄▄▄
▄▄████▄█████▄████████████████████████████▄█████▄████▄▄
▀████████▀▀▀████████████████████████████████▀▀▀██████████▄
  ▀▀▀████▄▄▄███████████████████████████████▄▄▄██████████
       ▀█████▀  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  ▀█████▀▀▀▀▀▀▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.PLAY NOW.
ETFbitcoin
Legendary
*
Offline Offline

Activity: 2072
Merit: 3389


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
December 21, 2020, 12:52:50 PM
 #88

Now we see the truth what happened with hacked ledger database and one million customer information ending up on raidforums.
We can see that emails has attached name, physical addresses, phone numbers  and number assigned to it.

It also contain city, district/province and zip code, which could be used in case there's small typo on your address.

Quote
272.853 orders with full info details (Email, Addresses, Phone Number)
1.075.382 emails subscribed to newsletter

Now we see that ledger lied about real numbers of leaked customer data with full info.... real numbers are much much higher.

I can understand if the number is slighter higher than reported number, but 28 times over the reported number is horrendous. Ledger shoot their own feet this time.

Better check if your email address is pwned and change it, oh and never trust ledger again:
https://haveibeenpwned.com/

Or download the dump file from https://intelx.io/?did=8761746e-d333-4256-bbcd-9100c8722799 since it's plain text and the size roughly only 50MB.
People who bought Ledger HW wallet definitely should check the dump file.

dkbit98
Legendary
*
Offline Offline

Activity: 1344
Merit: 2849


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile WWW
December 21, 2020, 01:02:33 PM
Last edit: December 21, 2020, 01:14:07 PM by dkbit98
 #89

28 times over the reported number, ledger shoot their own feet this time.

When I told all the ledger shillers here that ledger team lies about 9500 number of full leak data, they told me I was wrong and to just trust the ledger. I don't see them now maybe because they got back into their small holes and hide.

Btw I think this download file you provided contains only emails and I can't find my email address there, but just to be safe I will probably change addresses I use.
EDIT: I found all other files also.

Yup, this is horrendous. The leak of 9,500 addresses was bad enough. The leak of 272 thousand addresses is horrendous. But that isn't even the worst thing. Ledger either lied and covered up the size of this leak, despite endless customer reports to the contrary, or were genuinely unaware of what data had been accessed, and this lasted for months. Either is inexcusable and unforgivable. There is zero trust left with Ledger.

They lied 100% like I said many times before, and anyone who have any contacts in darkweb could confirm this.
Zero trust confirmed and reputation ruined.
Here comes 100% discount from ledger soon...

ETFbitcoin
Legendary
*
Offline Offline

Activity: 2072
Merit: 3389


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
December 21, 2020, 01:15:48 PM
 #90

Btw I think this download file you provided contains only emails and I can't find my email address there, but just to be safe I will probably change addresses I use.

The UI of their website is a bit confusing, after you open link i mentioned, select "Tree", you should find link for whole leaked database. There's strict limitation without registration, so make sure you open file "Ledger Orders..." first.

suchmoon
Legendary
*
Offline Offline

Activity: 2884
Merit: 6873


https://bpip.org


View Profile WWW
December 21, 2020, 01:31:58 PM
 #91

Ledger confirmed.

No no no, they're "still confirming". Nothing to worry about. After months of phishing e-mails and texts and phone calls it might turn out to be a non-issue if they don't confirm. Grin

Fucking assholes and absolute clueless knobs when it comes to securing customer data or customer support or being in business altogether.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1498
Merit: 7978


Wear a mask, slow the spread


View Profile
December 21, 2020, 01:40:22 PM
 #92

They lied 100% like I said many times before
They are claiming on Reddit that they did not lie, and the logs and investigation they performed revealed only 9,500 compromised addresses. As I said above, if they aren't lying then they are completely unaware about the security of their own systems, and someone managed to steal a quarter of million customers' details with Ledger being none the wiser. Not that it really matters - either is enough to never use them again.

Lucius
Legendary
*
Offline Offline

Activity: 2352
Merit: 2940


Feed one child - change the world🎗


View Profile WWW
December 21, 2020, 01:47:18 PM
 #93

People who bought Ledger HW wallet definitely should check the dump file.

I get data from GitHub (link posted here - forum link), but finding your data is a bit more difficult, so it would be very useful for someone to make a search option, just enough so that everyone can see if only their e-mail or all other data has been published.

suchmoon
Legendary
*
Offline Offline

Activity: 2884
Merit: 6873


https://bpip.org


View Profile WWW
December 21, 2020, 01:50:49 PM
Last edit: December 29, 2020, 02:32:51 AM by suchmoon
Merited by Lucius (1)
 #94

I get data from GitHub (link posted here - forum link), but finding your data is a bit more difficult, so it would be very useful for someone to make a search option, just enough so that everyone can see if only their e-mail or all other data has been published.

Use your browser's search-on-the-page feature to find your e-mail. Or save that file and search with any text editor.

NeuroticFish
Legendary
*
Offline Offline

Activity: 2786
Merit: 3118


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
December 21, 2020, 02:02:08 PM
 #95

People who bought Ledger HW wallet definitely should check the dump file.

I think that's still not the whole data and I fear that more may come out.
I mean... they have "only" my e-mail address although I bought the device.
...and I've checked both files from the archive on github.


Should we make a rule and forward all the mails related to Ledger we receive to Ledger's mail addresses?
Or suing them and asking for financial compensations would make them understand better how big is the fuckup they've made?

suchmoon
Legendary
*
Offline Offline

Activity: 2884
Merit: 6873


https://bpip.org


View Profile WWW
December 21, 2020, 02:14:53 PM
 #96

They are claiming on Reddit that they did not lie, and the logs and investigation they performed revealed only 9,500 compromised addresses. As I said above, if they aren't lying then they are completely unaware about the security of their own systems, and someone managed to steal a quarter of million customers' details with Ledger being none the wiser. Not that it really matters - either is enough to never use them again.

Makes the recent complains about ongoing leaks not that far fetched anymore, doesn't it.



I checked a few zip codes around me and what do you know - the number of ledger buyers per zip code follows known indicators of wealth for those areas, e.g. income and real estate prices. This might turn out to be a very valuable dataset for a wannabe burglar.

Dadounet
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
December 21, 2020, 02:22:16 PM
 #97

Hi,

I just checked today and I saw all my coordinates in the leaked file: name, email, phone, address.
A real nightmare.
Now I'm really afraid of being attacked. Not for my money (actually, I only have a small amount of crypto.. but attackers cannot guess!), but for my personal security.
What can I do?

Csmiami
Copper Member
Legendary
*
Offline Offline

Activity: 1078
Merit: 1141


I'm sometimes known as "miniadmin"


View Profile WWW
December 21, 2020, 02:37:13 PM
 #98

----

Or suing them and asking for financial compensations would make them understand better how big is the fuckup they've made?

A lot of posts ago, I mentioned that I was seeking legal advise. I have contacted my national data protection agency and I'm waiting for an update; although I'll have to update them on this one new discovery first... I'm posting some updated back in the local spanish board, but if there's enough interest, I can also bring the most important developments here too.

I'm not seeking a personal financial compensation (although that'd be neat); but at least I'd like to see a huge fine addressed to them

Lucius
Legendary
*
Offline Offline

Activity: 2352
Merit: 2940


Feed one child - change the world🎗


View Profile WWW
December 21, 2020, 02:40:24 PM
 #99

What can I do?

Unfortunately, what few people can do just like that - and that would be to move to a new address, and change the e-mail and phone number. While it can never be ruled out that there will be a physical attack on someone because of this database, potential attackers don’t have (at least I hope they don’t) data on how much crypto we own.

It's not the same to rob someone online, and break into their house or apartment - I can only say that such people will not have a good time with me - or rather, it will be their last job.

For start if you don’t have security cameras and an alarm, it would be a good time to get it.



NeuroticFish&Csmiami, I think I've asked before if there is anything that can be done about it here on the forum, but I think the answer was that Ledger was pretty well protected on that. Personally, I would very much like to join a class action lawsuit.

Csmiami
Copper Member
Legendary
*
Offline Offline

Activity: 1078
Merit: 1141


I'm sometimes known as "miniadmin"


View Profile WWW
December 21, 2020, 02:45:37 PM
 #100

potential attackers don’t have (at least I hope they don’t) data on how much crypto we own.

Who knows, they are close sourced; something that has been vastly criticized; and maybe somewhere in the code, the device sends a report on the assets each device cointains everytime you use Ledger Live. I wouldn't be surprised if such a thing was exposed right know; considering how crazy it's been since July.

I have always mentioned that the vulnerability was disclosed in July, but that we don't know how long it's been exploited; even if Ledger did delete the data after a certain amount of time, if hackers had access prior to that, well, we know how it follows.

Pages: « 1 2 3 4 [5] 6 7 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!