A hacker who hacked into the marketing database of the Ledger hardware wallet notebook resource earlier this year exposed the personal details of thousands of users and caused many to threaten the company with mass action.
According to a tweet from Alon Gal of network security firm Hudson Rock, the hacker allegedly made all the information he received available online behind the Ledger hardware wallet leak in June. These were reported to be 1,075,382 email addresses from users who subscribed to the Ledger newsletter and 272,853 device wallet requests with information including email addresses, physical addresses and phone numbers.
“This leak poses a serious danger to those affected by it,” Gal said. “People who bought the ledger tend to have high net worth from cryptocurrencies and will now face online harassment and physical harassment on a larger scale than before.”
In response to Twitter, Ledger said that “initial indications” appeared to confirm that the leaked information was linked to a data card in June that led to the personal information of many users being compromised. Following news of the hack, several Ledger users reported phishing attempts. Some said they received persuasive emails asking them to download the new version of Ledger.
“We are constantly working with the police to track down the hackers and stop these fraudsters,” Ledger said. “Since the first hack, we have blocked more than 170 phishing sites.”
After months of reports of phishing attacks, it appears that many users are unhappy with Ledger’s response.
“If any lawyer is willing to file a class action, I am sure many of us will step in,” Twitter user Ryan Olah said. “It’s now 10,000 times worse.”
While some tokens are unlikely to be in danger of being drained from ledger wallets, users are likely to put their money at risk by giving in to these phishing attempts sent to affected emails or phone numbers. Many people report that these attacks are wise to abandon their original sentences, and have Ledger repeat:
“Never share the 24 words in your recovery phrase with anyone, even if they pretend to be a Ledger representative. Ledger will never ask you about it. The ledger will never contact you via text or phone calls.”
However, some Ledger users have indicated that phishing attacks are just one of the potential threats they may face now that the physical addresses are public. People with a large number of cryptocurrencies run the risk of being stolen and withheld until they donate them, as was the case with Singaporean businessman Mark Ching in January.
Twitter user Paul Smith said, “This is a serious breach, and I’m worried people have our addresses now.” “What is stopping them from knocking on our doors? Frankly, just an apology is not enough.”