The manufacturer of purses cold of Bitcoin reported that it was hacked its database.
The cybercriminals did not agree to the funds of the users, nor to the financial information.
Ledger, company manufacturer of purses cold of bitcoin, revealed today that he was the victim of hackers. The database of their marketing department was hacked, leaking a million emails and some personal documents of its users.
In an official statement, the company explains that the data that was leaked included contact details such as first and last names, mailing address, email address and phone number.
According to Ledger, all customers whose data were ventilated have been informed by e-mail. He adds that investigations are underway with the French authorities for cyber security.
He added that the criminals were unable to access the private keys, nor to the financial information. For that reason, the funds of the users would be safe, as the leak had to do with purses cold, or your service Ledger Live.
How has been hacked to Ledger?
Ledger reported that a researcher who participates in your rewards program for reporting errors found the vulnerability last July 14. The company claims to have acted immediately on the problem by closing the gap of the possible leakage of data, after which it launched an internal investigation.
Later, the work of probing revealed that hackers had already exploited the vulnerability, the 25 of June, much before it was detected the problem. It was then when it was determined that an intruder managed to penetrate into the database of the departments of marketing and e-commerce using an API key to seize the data of a million customers.
Ledger adds that it is monitoring if the data stolen by the hackers have been put on sale on the Dark Web, but until now has not found evidence of this. At the same time, asks their customers to be vigilant because there is the possibility that criminals attempt to use the data to steal your bitcoins.
“We recommend that you be careful, always be aware of phishing attempts from scammers, malicious. In a few words, Ledger will never ask for the 24 words of your phrase of recovery. If you receive an e-mail message that appears to come from Ledger asking for the 24 words, you should definitely consider it a phishing attempt”.
Official statement of Ledger.
In may, past users of Ledger also were alerted by a hacker who claimed to have in his possession hundreds of filtered data of the customers of the manufacturer of purses hardware of bitcoin and other companies such as Trezor and Bitso.
As reported Breaking News at that time, the Twitter account of “Under the Breach”, which deals with the investigation of cyber-crimes, launched an alert by revealing a conversation with a hacker who claimed to have hacked the databases of popular purses hardware as a Ledger.
The hackers were able to penetrate the database of the departments of marketing and e-commerce of the manufacturer of purses bitcoin Ledger. Source: Schluesseldienst/pixabay.com
During this conversation, the hacker demanded that they were offered a sum of money for the data of the users who had in their power, including their names, email addresses, phone numbers and physical addresses. Also said do not have passwords for these accounts. Later Ledger published a detailed report in which it described the attempt of the hacker as a hoax.
Now, once the company confirmed that it was hacked their database, the account “Under the Breach” brought out the alert which had launched in may, mentioning the possibility that the criminals had already sold the data in that opportunity. However, Ledger returned to point out that the research “demonstrated that the alleged violation of the may data was false. It is not related to the leak that we discovered on 14 July.”