Data not breached, how were the hackers about to send email?

[Oshosondy]

Blockstream Green warned its users about phishing attack. The hackers will send emails that Blockstream Jade users should update their firmware. It was a fake email coming from hackers.




Are they sure that no data like email of their customers that bought the hardware wallet device directly from Blockstream website was not leaked?

How were the hackers targeting users email?

[Bitcoin_Arena]

The data could have leaked or not.
Maybe they just got a report from a couple of random users who received the fake message. It doesn't mean blockstream had a data breach.  For example, if there is a CoinMarketCap data breach, the hacker assumes that whoever registered with CoinMarketCap has a high interest in crypto trading, and therefore they could start sending users of Binance exchange phishing messages or something like that.

[nestex_one]

Blockstream Green warned its users about phishing attack. The hackers will send emails that Blockstream Jade users should update their firmware. It was a fake email coming from hackers.




Are they sure that no data like email of their customers that bought the hardware wallet device directly from Blockstream website was not leaked?

How were the hackers targeting users email?

If the email sent by the hackers starts with something like "Dear user" or "Dear client" or suchlike, there's a chance Blockstream's user data was not compromised.

Phishing scammers usually try to make the email as realistic as possible, so they would have used "Dear [your name]" if they had access to that information.

Not saying Blockstream's data wasn't leaked at all; but it's also possible your email id was in some 'list of emails' bundle out there and the phisher got a hold of it.

[TryNinja]

How were the hackers targeting users email?

They could be blindly shooting those emails to every crypto email list they have.

CoinMarketCap, CoinTracker, Ledger, ... just to name a few big crypto websites that had data leaks in the past and have probably been grouped together into a single list. If they know you are a CMC user, they will send you emails about Blockstream's Jade, Trezor, Ledger, etc... beceuase they know there will always be a few hits.

[hugeblack]

So it's always best to use an email provider that allows you to create dozens of aliases that you can freeze, isolate or stop them when such attacks occur (it should be assumed that such data is always leaked).

[The Cryptovator]

Blockstream Green warned its users about phishing attack. The hackers will send emails that Blockstream Jade users should update their firmware. It was a fake email coming from hackers.

Are they sure that no data like email of their customers that bought the hardware wallet device directly from Blockstream website was not leaked?

How were the hackers targeting users email?

It could be without a data breach as well. Because sometimes I receive some emails where I haven't registered ever. So this would happen from other platforms' data breaches as well. From the breached data some users might use their wallet, so they might be confused by that kind of email. However, even if a data breach happened on the Blockstream website, they might try to hide it. But it's good to see they warned their users about fake emails.

Whatever the reason, we should always update from the website or from the official sources like the Play Store. Even if I receive mail from Ledger, I don't bother to click there. Instead, I visit the office website, not even from a Google search. Then try to update the wallet software.

[Z-tight]

Phishing emails like this can look so legitimate and the scammers have a high chance of successfully hitting one or two people. So they would not mind randomly sending it to every email address they have gathered from a crypto service breach.

About a week ago a developer was hacked through a 2fa update phishing link and it led to a huge NPM hack. It just goes to show that even the experienced can be pwned sometimes, so we have to be very careful and verify everything.

[examplens]

It doesn't have to be a leak or any hack. It is enough for one employee to accidentally or intentionally share their passwords/access codes somewhere. When there are similar cases, it is always about a human mistake.
Given that there are only a few phishing emails, an internal investigation may not even be conducted.

[TryNinja]

So it's always best to use an email provider that allows you to create dozens of aliases that you can freeze, isolate or stop them when such attacks occur (it should be assumed that such data is always leaked).

Another option for most people who uses Gmail is to use the + sign after your email which delivers the email to your main email and can be identified.

For example:

hugeblack@gmail.com -> hugeblack+blockstream@gmail.com

If the leak is from blockstream, you'll see the phishing emails coming from the above email.

You can't disable them to stop the incoming spam, though... so your option is better if the provider supports it.

[nestex_one]

For example:
hugeblack@gmail.com -> hugeblack+blockstream@gmail.com

If the leak is from blockstream, you'll see the phishing emails coming from the above email.

You can't disable them to stop the incoming spam, though... so your option is better if the provider supports it.

Gmail does have rules/filters to block incoming email based on a + alias, so this can actually work