Ledger "Data Breach" is very annoying and heart breaking!

[Lmaooo]

I knew Ledger was hacked weeks ago because I got a phishing mail asking me to provide my 24-word phrase, WTF?

Then, I got the following mail this morning from Ledger...


"Dear client,

We're sorry to inform you that Ledger has fallen victim to a cyber attack and that confidential data belonging to approximately 272,000 customers has been illegally obtained by an unauthorized third party.

You're receiving this e-mail because the Ledger wallet associated with your e-mail address (my email here) has been found within those affected by the breach.

To be more specific, on December 20th 2020, members of our forensics team have detected malicious software installed on one of the Ledger Live's administrative servers.

Despite our relentless efforts, as of today, it's technically impossible to make an accurate assessment of the severity of this data breach. Due to these circumstances, we must assume that your funds could be at risk of theft.

If you're receiving this e-mail, it's because you've been affected by the breach. In order to protect your assets, please download the latest version of Ledger Live and follow the instructions to set up a new PIN for your wallet.

Sincerly,
Ledger"





First of all, this email itself looks fake to me.

Because :

1. A misspelling within the mail.

2. I don't think i can ever trust anything from Ledger.

3. There's a download link below the mail requesting me to update my ledger live software which redirects to ...
 

Code:

https://kaizencoin.io/mail/1d006efae69fe28c72aee94e8c6215b8

Disclaimer: Do not open the link for your safety. Mozilla Firefox, warns it's a phishing site!


From now on, i don't think any email from Ledger should be trusted because i can fall victim of a phishing attack.

Thus, I'm putting Ledger mails to SPAM to prevent myself from further phishing and social engineering attacks.

Perhaps, I should create new email for my safety since my current email has been exposed on a hacking forum.

What do you guys think we should do about the current Ledger Data Breach? thanks

[o_e_l_e_o]

First of all, this email itself looks fake to me.

It is absolutely fake. Ledger will never ask you to download software or enter your seed phrase via an email. All updates are done automatically via Ledger Live.

Perhaps, I should create new email for my safety since my current email has been exposed on a hacking forum.

You absolutely should do this, and move all your accounts on any exchange or service over to this new email. From Reddit, users affected by this breach have been receiving scam emails disguised as Ledger, as Coinbase, as Binance, and as a variety of other services. Every email coming to your current email account could be attempted scam/phishing/fraud at this point. Create a new email.

What do you guys think we should do about the current Ledger Data Breach?

Change your email as I said above. Change your phone number too if you can. Make sure you have 2FA enabled on every account and service which you can, and make sure it is either an authenticator app or a hardware key - do NOT use SMS or email as 2FA since these are easily hacked, especially with all your personal details having leaked.

[dkbit98]

Do we really need one more ledger related topic?
- No we don't.

I don't know what is so heart breaking about leaks and hacks that happens all the time including this one, but you need to learn something from what happened.
You are not meant to have one email address for life and you can change them at any time, and also don't trust any mail you receive but double check them.

[crwth]

I received a legitimate email from noreply@ledger.com Replying to the phishing that has happened. I can see in the email that It looks legitimate. It's somewhat like what you posted but with no misspells or whatnot.

Security Notice
What happened?
 
We contacted our customers last July to tell them that part of our e-commerce marketing database had been leaked.
 
Yesterday we were informed about the dump of the content of a Ledger customer database on Raidforum. We believe this to be the contents of our e-commerce database from June, 2020. For specific questions please refer to the FAQ, which we will continue to update to address your concerns.
 
What information was involved?
 
At the time of the incident, in July, we engaged an external security organisation to conduct a forensic review of the logs available. This review of the logs enabled us to confirm that approximately 1 million email addresses had been stolen as well as 9,532 more detailed personal information (postal addresses, name, surname and phone number) that we were able to specifically identify.
 
The database publicly released yesterday shows that a larger subset of detailed information has been leaked, approximately 272,000 detailed information such as postal address, last name, first name and telephone number of our customers. These details are not available in the logs that we were able to analyse.
 
If you are part of the detailed personal information subset, you will receive a specific email notifying you within the next 24 hours (check your spam box).
 
It is important to note that this data breach is not linked to our hardware wallets nor Ledger Live security and your crypto assets are safe and not in peril of being compromised. Due to our comprehensive security scheme, attackers cannot steal your sensitive information like recovery phrases and private keys unless you give it to them. You are the only one in control and able to access this information. DO NOT GIVE YOUR 24 WORDS TO ANYONE. Ledger will NEVER ask you for your 24 words.

What we are doing
 
Since July, we notified our clients in several communications via email, blog posts, and Twitter. We are doing everything possible to make Ledger stronger for the future. We have hired a new Chief Information Security Officer (CISO). We are further hardening our already strong systems and have thoroughly reviewed our data policy. We executed penetration tests and forensic analysis with external security firms to test these and find any additional vulnerabilities on our e-commerce systems.
 
We are continuously working with law enforcement to prosecute hackers and stop these scammers. We have taken down more than 170 phishing websites since the original breach. We have notified the French data protection authority regarding the data breach and are working with other data protection authorities across the world. Our Customer Support team is working 24/7 to answer your questions.
We are doing everything we can to proactively deal with this critical situation and prevent anything similar in the future. We wish we could turn back the hands of time and make this problem disappear. Unfortunately we cannot, so we are focused on today and the future. Please be sure we are more focused than ever on security in every part of our customer experience.
 
What you can do
 
We recommend you exercise caution -- always be mindful of phishing attempts by malicious scammers. Ledger will never ask you for the 24 words of your recovery phrase, not even in Ledger Live. Ledger will never contact you via text messages or phone call.
 
Furthermore, while we do all we can, we suggest you visit the security section of Ledger Academy to educate yourself on general security principles and more precisely our article about phishing attacks. Also, familiarize yourself with the anatomy of these ongoing phishing campaigns and report any phishing you experience on this dedicated page.
 
If you want to know if your information may have been exposed previously head to https://haveibeenpwned.com/
 
We have taken immediate action to resolve the damage, and are diligently working to protect all customer information. We are extremely regretful that this incident impacts our customers and recognize it will take time to restore your confidence. We will do everything in our power to show you that this has made Ledger better, stronger, and more secure.
 
Sincerely,
Pascal Gauthier
CEO, Ledger

This is definitely the legitimate one, not yours. As I have been part of that leaked data and they are informing us as the customer that they are handling it.

Be careful with what you do and never give your seed phrase etc.

[Husires]

I thought that the company would apologize to its customers and give them some discounts for everyone affected by the hack or even update their protection systems to ensure that such events do not recur.

90% of the reason for these hacks is the reputation of the company more than making profits because even beginners will not believe these tricks and everyone who invests seriously in Bitcoin will educate themselves first.

[bob123]

I thought that the company would apologize to its customers and give them some discounts for everyone affected by the hack [...]

A discount?

What for? This would be provoking IMO. If my data was included in the leak, i wouldn't be happy with a "discount".
That's like saying "Ye, we leaked your data.. but here, take a 5$ coupon for your next purchase with us. Thanks for being our customer". 

[The Sceptical Chymist]

Do we really need one more ledger related topic?
- No we don't.

Probably not, but as I'm seeing these details for the first time, I appreciate OP sharing the e-mail he got and the community's input.  Whether you like Ledger or not, they are one of the most popular hardware wallets on the market, so I do think this should be discussed. 

I never got any e-mails from Ledger as far as I know, and I don't think I ever provided them with any personal information (like a phone number, for instance).  I'm wondering if I ought to do anything or not; I currently don't have any crypto on either of my Ledgers, so I'm not worried about having funds stolen, but who knows what info the hackers got.

Should be interesting to see how Ledger handles this over the long-term.  Hopefully it doesn't kill their brand.

[Globb0]

Shit happens, its turning into a bit of a hatchet job/witch hunt against ledger.

Its just some crappy worthless marketing database.



Means nothing. I can find rich people quicker with my eyes!

They send each other signals "I am wealthy"



I think this is overblown

[bob123]

Its just some crappy worthless marketing database.

Not only.
The leak of the mail address isn't that severe. But in combination with the name, address and phone number, that's some crucial information.

Means nothing. I can find rich people quicker with my eyes!

They send each other signals "I am wealthy"

It's not necessary about finding rich people.
It is about the fact that some people rely on the privacy cryptocurrency offer. And exactly this privacy is being taken away by this leak.
Those people should have taken the precautions before ordering a hardware wallet, but nonetheless this is a severe leak of information.

I think this is overblown

Partially maybe.
No one cares about the few thousands of dollars in crypto of an average joe. No one is going to rob you for that.

But in some developing countries, this could be pretty dangerous.

[o_e_l_e_o]

What for? This would be provoking IMO. If my data was included in the leak, i wouldn't be happy with a "discount".

Other companies have done the same or similar things in the past. After the Binance KYC leak, they gave all users who had their details stolen free lifetime VIP membership. "Yeah, we leaked your data, but now can trade with us with slightly lower fees than before!" Lol.

I never got any e-mails from Ledger as far as I know, and I don't think I ever provided them with any personal information (like a phone number, for instance).  I'm wondering if I ought to do anything or not; I currently don't have any crypto on either of my Ledgers, so I'm not worried about having funds stolen, but who knows what info the hackers got.

You should download the data leak and check for your own name, address, and phone number. If they don't appear, you do not need to do anything. If they do appear, then you need to take appropriate action. Although if I'm not mistaken, I'm sure you said in the past you bought via Amazon? In which case, your details would not appear on Ledger's own database.

-snip-

Cryptocurrency is unique from a theft point of view, in that it can be immediately, anonymously, and fully liquidated. The only other thing which is comparable is cash, but most people aren't storing thousands of dollars of cash in their homes. If someone breaks in to a wealthy person's home and steals jewellery, electronics, clothing, etc., then they have to spend more time selling that on, in small batches so as not to raise suspicion, at less than its actual value. Cryptocurrency does not have those drawbacks, and so makes it an attractive target.

[Wind_FURY]

Its just some crappy worthless marketing database.

Not only.
The leak of the mail address isn't that severe. But in combination with the name, address and phone number, that's some crucial information.

Means nothing. I can find rich people quicker with my eyes!

They send each other signals "I am wealthy"

It's not necessary about finding rich people.
It is about the fact that some people rely on the privacy cryptocurrency offer. And exactly this privacy is being taken away by this leak.
Those people should have taken the precautions before ordering a hardware wallet, but nonetheless this is a severe leak of information.

I think this is overblown

Partially maybe.
No one cares about the few thousands of dollars in crypto of an average joe. No one is going to rob you for that.

But in some developing countries, this could be pretty dangerous.

It is DEFINITELY dangerous, in any country, if bad actors have it with the correct information of how much Bitcoin you own.



That might just be a troll-job, but real criminals could do more than threaten to kidnap, and actually kidnap someone in your family before talking to you.

[Lucius]

What do you guys think we should do about the current Ledger Data Breach? thanks

If you are bothered by spam e-mails, simply create a new mail - if you are bothered by SMS phishing messages you have two options, to throw the old number in the trash or to block messages/calls from all unknown numbers (I have this option on my Android smartphone).

If you want to be sure that someone with very evil intentions will not break into your house in the middle of the night and ask you to hand over your seed, then it would be advisable to change your address, and maybe your name/surname. Once you've done all that, you don't have to worry about that database anymore, and you can send an invoice for all the costs to Ledger - of course, taking care not to endanger your privacy again.

Free advice from me, never trust Ledger again "fool me once, shame on you; fool me twice, shame on me"

[jerry0]

I noticed I receive a ton of these email as well.  But all the email pretty much went to my spam folder.



So if you followed the instructions in the scam email, what happens?  Does it ask you to type in your seed?  Or does it ask you to download or update ledger live but they give you the fake one which would give you malware?  Then again i was told with hardware wallet like nano ledger s... unless you type your seed in... you can't get hacked.  So which is true then?



Also where is the link that shows which email addresses are compromised?  Is it if you receive spam email from it... then yes?  But someone also said real name and addresses were also shown... how do you know if you are on that list or not?  Obviously there isn't a public document that shows this right?  But is there anything that says okay if your email is shown here... then your real name and address is also exposed?

[o_e_l_e_o]

So if you followed the instructions in the scam email, what happens?  Does it ask you to type in your seed?  Or does it ask you to download or update ledger live but they give you the fake one which would give you malware?  Then again i was told with hardware wallet like nano ledger s... unless you type your seed in... you can't get hacked.  So which is true then?

There are multiple scam emails being sent, so it is impossible to say what every single one will do. Some will ask you to download malicious software or software with hidden malware, some will ask you to type in your seed phrase, some are even trying to phish exchange account user names and password. None of them can access the coins on your Ledger Nano unless you type in your seed phrase somewhere or approve a transaction you did you not create.

Is it if you receive spam email from it... then yes? But someone also said real name and addresses were also shown... how do you know if you are on that list or not?

If you have been receiving a lot of Ledger spam, then yes, your email is compromised at a minimum. There is a database which contains all the names and addresses too which you can download and look up to see if your own personal details have been leaked. I'm not going to link it for obvious reasons, but the subreddit /r/ledgerwalletleak has ways of checking if your details are included.

At a minimum you should change your email address. If the rest of your personal details are also compromised, then changing your phone number and enabling 2FA on all your accounts is a good next step.

[Wind_FURY]

What do you guys think we should do about the current Ledger Data Breach? thanks

If you are bothered by spam e-mails, simply create a new mail - if you are bothered by SMS phishing messages you have two options, to throw the old number in the trash or to block messages/calls from all unknown numbers (I have this option on my Android smartphone).

If you want to be sure that someone with very evil intentions will not break into your house in the middle of the night and ask you to hand over your seed, then it would be advisable to change your address, and maybe your name/surname. Once you've done all that, you don't have to worry about that database anymore, and you can send an invoice for all the costs to Ledger - of course, taking care not to endanger your privacy again.

Free advice from me, never trust Ledger again "fool me once, shame on you; fool me twice, shame on me"

Bad-actors don't need to break into homes anymore, they can simply blackmail you, or threaten to hurt your wife/child, or anyone from your immediate family unless you send them your coins. Plus Bitcoin's surge to 6 digits has given criminals an incentive.

[HCP]

Also where is the link that shows which email addresses are compromised?  Is it if you receive spam email from it... then yes?  But someone also said real name and addresses were also shown... how do you know if you are on that list or not?  Obviously there isn't a public document that shows this right?  But is there anything that says okay if your email is shown here... then your real name and address is also exposed?

You can search here: https://www.argent.xyz/ledgerhack/

I've tested it using emails from the leaked lists that were available on Github for a while before it was taken down... it seems to be reporting the data from those lists "correctly" and will advise if your email was in the "email only" list or the "full details" list.

[Wind_FURY]

I read this article, and obviously it shows that I was very wrong. Bad-actors still are willing to break into people’s homes, and steal people’s private keys. During this bull cycle, many people became instantly rich, or richER. Don’t tell anyone, or boast about it.

https://calgaryherald.com/news/crime/police-seek-suspects-in-canyon-meadows-home-invasion

[Lucius]

The men tied up the apartment’s resident and stole computers, jewelry and bank cards from the suite. They also took cryptocurrency keys, which allow holders access to digital financial accounts.

If they hadn't stolen the crypto keys along the way, this story wouldn't be interesting for the media, would it? To me, this does not seem like a targeted robbery of the owner of cryptocurrencies, but thieves picked up everything they could find. The article does not specify what exactly is meant by "cryptocurrency keys", it may actually be an encrypted backup, public coin address or seed that has additional passphrase protection.

Don’t tell anyone, or boast about it.

I don't see the point in your warning, just under 300 000 Ledger users have been publicly exposed with all their data - they can keep quiet about it as much as they want, it won't stop thieves from visiting them.

[Pmalek]

Home robberies happen every day. Nothing in the article suggests that the bandits knew that he owned cryptocurrencies. We can't rule that out, and that possibility remains open. But it's equally possible that they went in there and took everything that had any value (like Lucius pointed out) or was tucked away somewhere as protection from prying eyes. Going by the logic: If he stored it away here, it must have some value.

The owner was also forced to revel his PIN code and one of the robbers was later videotaped withdrawing cash from an ATM. That can mean they either have no idea what does keys they took are, or they have the recovery phrase, they know what it is, and they didn't need to ask the owner any questions about it.  

[Wind_FURY]

The men tied up the apartment’s resident and stole computers, jewelry and bank cards from the suite. They also took cryptocurrency keys, which allow holders access to digital financial accounts.

If they hadn't stolen the crypto keys along the way, this story wouldn't be interesting for the media, would it? To me, this does not seem like a targeted robbery of the owner of cryptocurrencies, but thieves picked up everything they could find. The article does not specify what exactly is meant by "cryptocurrency keys", it may actually be an encrypted backup, public coin address or seed that has additional passphrase protection.

Don’t tell anyone, or boast about it.

I don't see the point in your warning, just under 300 000 Ledger users have been publicly exposed with all their data - they can keep quiet about it as much as they want, it won't stop thieves from visiting them.

The point is not to let anyone know in public, that you own Bitcoin. Like for example in Facebook, boasting to friends that you are HODLing. It would only attract the attention of scammers, and other criminals, https://fullycrypto.com/did-ledger-hack-lead-to-stockholm-bitcoin-robbery

I believe Jameson Lopp was also a victim of a targetted attack because of his Bitcoin.