AB de Royse777
Legendary
Offline
Activity: 2660
Merit: 4092
Campaign Manager. My Telegram @Royse777
|
|
December 21, 2020, 06:51:24 PM |
|
I have changed emails multiple times and now my new one is clean, lets hope it stays that way.
I figured it. You can change email, but now I see my home address, old phone number are really public. This sucks. I am glad that the email address does not have my nick so no one can find me, but it's always an uncomfortable experience. Imagine someone in a region where crypto is not legal, the agency finds their details, and they got themselves in trouble.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
bL4nkcode
Copper Member
Legendary
Offline
Activity: 2142
Merit: 1307
Limited in number. Limitless in potential.
|
|
December 21, 2020, 09:59:02 PM |
|
Imagine someone in a region where crypto is not legal, the agency finds their details, and they got themselves in trouble.
Only if these agencies will let their time randomly check the list, imagine checking this million of info with their thousands or millions list of people, also when and by whom they'll start checking. Btw I just received an email from phishing@ledger.fr, I'm sure this isn't from bad actors. Checked out my email address on https://haveibeenpwned.com/ and yes my old email is on there as well... Great! Thanks Ledger for keeping such data on a live database and making it super easy to grab.... Thanks, so much for security! Heard ya, I checked and my email it's there as well, good thing this email isn't commonly used by me. I just moved to another location from the physical address I entered on ledger so this will not concern me,
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
December 22, 2020, 12:46:23 AM |
|
Something thoughtfully uploaded all the files to github: https://github.com/xoso9/ledgerhackYou can just download the raw text files (or the .rar archive as it's smaller) and search in a texteditor if you find that website database too annoying to use. Thankfully my details are not in the buyers database... just my email and Gmail spam seems to be taking care of all the ridiculous "Your ledger has been blocked" nonsense emails. Remember folks, don't click on links in emails... and NEVER give your 24 words to anyone... They should only ever be entered directly on the device. Do NOT enter into any application or any website... #staySafe
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1652
Merit: 1901
Amazon Prime Member #7
|
|
December 22, 2020, 03:48:05 AM |
|
So now the leaked Ledger databased can be accessed publicly, just matter of time before Ledger user specifically targeted either through threat or violence. Changing email address and phone number are relative easy, but it's hard to move to different house and i doubt anyone want to change their legal name.
There are a lot of people who purchased a ledger to store nominal or modest amounts of coin. There are probably many more people who have purchased a ledger who no longer have coin for one reason or another. There are no txid's disclosed in the databreach, so it will be difficult to conclude how much coin anyone who purchased a ledger had or has. A person's address is generally public information, at least most of the time. I would not be terribly worried about my address being in this breach.
|
|
|
|
witcher_sense
Legendary
Offline
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
|
|
December 22, 2020, 05:40:34 AM |
|
There are a lot of people who purchased a ledger to store nominal or modest amounts of coin. There are probably many more people who have purchased a ledger who no longer have coin for one reason or another.
First of all, we don't know for sure what amount will be considered nominal or modest in the future, it may well be that your small 0.0001 BTC will worth one million dollars one day. Since sensitive information is already leaked, it will remain publicly available forever, which means everyone in this database is in danger. Secondly, people rarely spend 50$ for no reason when it comes to buying specific hardware. It is safe to assume that most people who bought hardware wallets will hold a certain amount on them. There are no txid's disclosed in the databreach, so it will be difficult to conclude how much coin anyone who purchased a ledger had or has. If Ledger company were recording txids and later that fact were to disclosed, it would be immediately driven out of business. I doubt they would take such a risk. But who knows? A person's address is generally public information, at least most of the time. I would not be terribly worried about my address being in this breach.
The address of a person who bought a hardware wallet is not public information. Otherwise, no one would call it a leak.
|
|
|
|
xxjumperxx
Sr. Member
Offline
Activity: 574
Merit: 272
Buy Bitcoin!
|
|
December 22, 2020, 06:00:50 AM |
|
A person's address is generally public information, at least most of the time. I would not be terribly worried about my address being in this breach.
Of course the address is public information, but A) It doesnt say in the world wide web who lives there specifically B) It doesnt say anywhere (well now it does) that they are associated with Bitcoin C) All the info that goes with it, from phone number to email etc... This is a major breach even it does not include amounts held by certain person...
|
|
|
|
Rikafip
Legendary
Offline
Activity: 1932
Merit: 6421
|
|
December 22, 2020, 08:26:23 AM |
|
Don't worry guys, Ledger has it sorted. Here it is, special Ledger Christmas Pack! To protect yourself from all future database leaks and conseqeuent $5 wrench attacks, with every purchased Ledger Nano X you get Glock for free! Perfect Christmas present if you ask me!
Joke aside, what to say about all this that haven't been said before.. It is a shame that they are still market leaders and I am seriously considering getting something else, simply out of principle.
|
|
|
|
xxjumperxx
Sr. Member
Offline
Activity: 574
Merit: 272
Buy Bitcoin!
|
|
December 22, 2020, 09:03:28 AM |
|
Don't worry guys, Ledger has it sorted. Here it is, special Ledger Christmas Pack! To protect yourself from all future database leaks and conseqeuent $5 wrench attacks, with every purchased Ledger Nano X you get Glock for free! Perfect Christmas present if you ask me!
Joke aside, what to say about all this that haven't been said before.. It is a shame that they are still market leaders and I am seriously considering getting something else, simply out of principle. Looks like a good package deal! Grab a ledger and hand out a glock with it, just in case your data ever gets leaked again as a new buyer... I do hope that it just stays at threats from random users per email and it doesnt become any worse and people do start coming by and robbing ledger users in the hope of grabbing the ledger and using it to steal coin.
|
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1598
|
|
December 22, 2020, 09:23:05 AM |
|
You can just download the raw text files (or the .rar archive as it's smaller) and search in a texteditor if you find that website database too annoying to use.
Damn, that database looks way larger than I imagined.. Well, all we can hope for right now is that no physical attacks will happen at those leaked places..
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2660
Merit: 4092
Campaign Manager. My Telegram @Royse777
|
|
December 22, 2020, 10:26:20 AM |
|
Only if these agencies will let their time randomly check the list, imagine checking this million of info with their thousands or millions list of people, also when and by whom they'll start checking.
The country is there. So say country X has crypto illegal. They filter the data with the country first. Now they have all the data who are from the same country. Take/abuse or whatever they want to do with those things. Even there could be some fraud people act like this: Get a group, make some fake IDs, go door to door and threaten people and then maybe in return ask for some on-spot fine. Criminals including government agencies can do anything if they want. A person's address is generally public information, at least most of the time. I would not be terribly worried about my address being in this breach.
I think there are nothing to be terribly worried but everyone should be aware that if anything coming on their way physically then verify first that they are dealing with the right person. Obviously if any email comes from Ledger then just ignore it, there are no need to click the button they always send with the email. Clicking this button will do all harms.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
mk4
Legendary
Offline
Activity: 2912
Merit: 3881
📟 t3rminal.xyz
|
|
December 22, 2020, 02:05:14 PM |
|
Joke aside, what to say about all this that haven't been said before.. It is a shame that they are still market leaders and I am seriously considering getting something else, simply out of principle.
It really sucks that this happened to Ledger out of all companies knowing that they're in the security niche, but people should really keep mind of the quote by Michael Harris: " There are only two types of companies: those that have been hacked, and those that will be.". Databases get breached all the time. It's just inevitable that it will also happen to Trezor and other crypto companies someday, it's just a matter of when; or if said companies survive long enough.
|
|
|
|
Rikafip
Legendary
Offline
Activity: 1932
Merit: 6421
|
|
December 22, 2020, 04:15:08 PM Last edit: December 23, 2020, 10:10:25 AM by Rikafip Merited by vapourminer (1) |
|
It really sucks that this happened to Ledger out of all companies knowing that they're in the security niche, but people should really keep mind of the quote by Michael Harris: "There are only two types of companies: those that have been hacked, and those that will be.".
Databases get breached all the time. It's just inevitable that it will also happen to Trezor and other crypto companies someday, it's just a matter of when; or if said companies survive long enough.
That's true, nothing is impenetrable, and chances are that something similar will happen to Trezor and the others when they become big/interesting nough. I fully understand that Ledger was most attractive to scammers as they are market leaders, but still they should focus more on the safety, and maybe not keep customer database if it's not required by some law. Why not just keeping email and that's it? Considering what they are selling, they should be fully aware of the repercussions if something goes wrong, like it happened now. I feel kinda stupid that I thought it will be safer to buy Ledger directly from them and not buying from local shop, but guess I was wrong. Lesson learned. Who knows, maybe they start doing their job properly when market share start decreasing. It is not directly connected to this hack, but few months ago @dkbit98 made an interesting analysis how much two most popular hardware wallets websites are tracking us. Results were kinda disappointing, to say the least. One would think that they care a little bit more about customers privacy. We all see that hardware wallet manufacturers are constantly competing for customers, but let's see how much they value our privacy and what are they thinking about tracking. For this purpose I used Blacklight, A Real-Time Website Privacy Inspector from The Markup website
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
December 22, 2020, 04:23:32 PM |
|
It is not directly connected to this hack, but few months ago @dkbit98 made an interesting analysis how much two most popular hardware wallets websites are tracking us. Results were kinda disappointing, to say the least. One would think that they care a little bit more about customers privacy.
This is completely irrelevant. This is exactly how the world wide web works. You are being tracked on most websites. Facebook, google services, news sites, online shops, etc.. If you expect trezor or ledger to behave otherwise, you are naive. If one really cares about privacy, there is no way around noscript and some ad blocking mechanism (either via DNS or browser extension).
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
December 22, 2020, 04:24:07 PM |
|
Databases get breached all the time. It's just inevitable that it will also happen to Trezor and other crypto companies someday, it's just a matter of when; or if said companies survive long enough.
Well this is not going to happen for Trezor wallet exactly like that because SatoshiLabs have much better policy regarding keeping all customer data information and I think they delete everything after some time and you can ask them to delete everything at any time. I don't support Trezor in any way, just saying the facts and Trezor have their own problems also. It would be nice to listen this video with Andreas Antonopoulos, Jameson Lopp and others regarding ledger leak: https://youtu.be/uKCMx8nqQhY
|
|
|
|
decodx
|
|
December 22, 2020, 05:28:34 PM |
|
Databases get breached all the time. It's just inevitable that it will also happen to Trezor and other crypto companies someday, it's just a matter of when; or if said companies survive long enough.
If I read their statement in the email correctly, the data was leaked due to a fault in their e-commerce API. Let's not imply, therefore, that this can happen to anyone. This is nothing but a Ledger's negligence.
|
|
|
|
ScamViruS
|
|
December 22, 2020, 05:58:53 PM |
|
Databases get breached all the time. It's just inevitable that it will also happen to Trezor and other crypto companies someday, it's just a matter of when; or if said companies survive long enough.
If I read their statement in the email correctly, the data was leaked due to a fault in their e-commerce API. Let's not imply, therefore, that this can happen to anyone. This is nothing but a Ledger's negligence. If the customer's data is leaked due to system failure of any of their websites, then the ledger should take the responsibility. This is because crypto users have bought ledgers with the idea of staying safe, but when their important personal data is leaked in this way, it is a matter of concern. Now this data from hackers will fall into the hands of different types of scammers, and they will use this data to promote their scams. Scammers will use this data to promote fake airdrop, ico, phishing websites etc.
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1652
Merit: 1901
Amazon Prime Member #7
|
|
December 22, 2020, 07:17:15 PM |
|
There are no txid's disclosed in the databreach, so it will be difficult to conclude how much coin anyone who purchased a ledger had or has. If Ledger company were recording txids and later that fact were to disclosed, it would be immediately driven out of business. I doubt they would take such a risk. But who knows? They obviously have the txids of all the payments they have received, as they know the private keys of all the addresses they have received payment to. I don't think it would be a major breach of trust for a company to keep track of how each of their customers paid. They obviously need to keep track of if each customer paid or not. A person's address is generally public information, at least most of the time. I would not be terribly worried about my address being in this breach.
Of course the address is public information, but A) It doesnt say in the world wide web who lives there specifically B) It doesnt say anywhere (well now it does) that they are associated with Bitcoin C) All the info that goes with it, from phone number to email etc... This is a major breach even it does not include amounts held by certain person... The only real additional information leaked is the fact that each person at one point likely owned some amount of crypto at one point. Everything else is already public for many people. There are a lot of people who purchased a ledger to store nominal or modest amounts of coin. There are probably many more people who have purchased a ledger who no longer have coin for one reason or another.
It's possible, but some criminal could simply assume you have coin and decide to harm you. I don't think many people want to harm a person solely because they have a lot of money. It is probably more common for a criminal to threaten to harm someone unless they pay a ransom. If a criminal were to do this to someone without the means to pay, they would be risking years/decades in jail for nothing.
|
|
|
|
Baofeng
Legendary
Offline
Activity: 2772
Merit: 1678
|
|
December 22, 2020, 10:08:00 PM |
|
^^ Well you can tell that to the person/s I just got a death threat . So it's within the realm that this criminals are just lurking around those ledger owners, and we don't know when they are going to physically attack us in our home because Ledger f**k up their customers here big time.
|
RAZED | │ | ███████▄▄▄████▄▄▄▄ ████▄███████████████▄ ██▄██████▀▀████▀▀█████▄ ░▄███████████▄█▌████████▄ ▄█████████▄████▌█████████▄ ██████████▀███████▄███████▄ ██████████████▐█▄█▀████████ ▀████████████▌▐█▀██████████ ░▀███████████▌▀████████████ ██▀███████▄▄▄█████▄▄██████ █████████████████████████ █████▀█████████████████▀ ███████████████████████ | ▄▄███████▄▄ ▄███████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ███████████████████ | RAZED ORIGINALS SLOTS & LIVE CASINO SPORTSBOOK | | | NO KYC | | │ | RAZE THE LIMITS ►PLAY NOW |
|
|
|
decodx
|
|
December 22, 2020, 10:37:26 PM Merited by vapourminer (1) |
|
The only real additional information leaked is the fact that each person at one point likely owned some amount of crypto at one point. Everything else is already public for many people.
No, no. The real additional information is that now my full name is connected to my private email address, home address and phone number, as well as information that I very likely have a certain amount of cryptocurrencies. That's more than enough to be the subject of targeted attacks by various criminals. Look, I'm not trying to crucify anyone here, but if I buy something online and give my delivery address, I definitely don't expect the data to become accessible to the entire world through some publicly available API. I don't think many people want to harm a person solely because they have a lot of money.
Are you serious? So it's perfectly normal for you to walk through a tough neighborhood at night with money sticking out of your pockets?
|
|
|
|
notblox1
Legendary
Offline
Activity: 2240
Merit: 1316
Logo Designer ⛨ BSFL Division1
|
|
December 22, 2020, 10:50:21 PM |
|
It is important not to panic and do some rush things because we all suspected for months that all customer data could be exposed. Don't stop using Ledger wallet, but stop responding and reacting to emails you receive from scammers, and never enter your seed words on any website ever.
|
|
|
|
|