Ledger said on Wednesday that its e-commerce database was hacked in late June, compromising about one million email addresses. No user funds were affected by the breach.
In a blog post, the French bitcoin hardware wallet company revealed that contact and order information for customers was also exposed.
Ledger added that, for a subset of 9,500 customers, details such as first and last name, postal address, and phone number were leaked. The hack targeted the firm’s marketing and e-commerce database, and the vulnerability behind it has since been patched, it said.
A researcher who participated in Ledger’s bug bounty program discovered the vulnerability and reported it on July 14. Ledger fixed the problem, but found that the vulnerability had already been exploited by an unauthorized third party on June 25.
Someone accessed the company’s marketing and e-commerce database – used to send order confirmations and promotional emails – using an API key that has since been deactivated. Payment information, passwords, and funds were not affected.
“This data breach has no link and no impact whatsoever with our hardware wallets nor Ledger Live security and your crypto assets, which are safe and have never been in peril,” Ledger detailed.
Ledger said it is “extremely regretful” for the breach. The company stated it filed a report with France’s Data Protection Authority, the CNIL, on July 17, and partnered with Orange Cyberdefense four days later “to assess the potential damages of the data breach and identify potential data breaches.”
Ledger is looking for evidence of the stolen data being sold on the internet, but nothing has been found so far. The firm warned users to “always be mindful of phishing attempts by malicious scammers.”
Source: https://news.bitcoin.com/crypto-hardware-wallet-firm-ledger-hacked-one-million-customer-emails-exposed/