Ledger Crypto Wallet Loses 1M Email Addresses in Data Breach


Ledger, a French-based crypto wallet provider, faces a data breach allowing an authorized third party to access the 1M email addresses of its users.

29 July, 2020 | AtoZ MarketsCrypto wallet company Ledger provides cryptocurrencies and blockchain security solutions for individuals and businesses. It offers a series of multi-currency wallets used to store cryptocurrency private keys offline. It established in 2014, and its headquarters are in Paris, Vierzon, New York and Hong Kong.

Ledger Crypto Wallet Hack Exposes User’s Personal Info

Ledger announced that it had a data breach in its marketing and e-commerce database in late June. Affected customers include those who have signed up for the Ledger newsletter and those who have received promotional material.

The customer contact and order information was leaked, but the payment information and crypto funds were not affected. The stolen information includes email addresses, names, addresses, and phone numbers of 9,500 customers. According to the company, they fixed the data breach immediately.

Ledger first became aware of the vulnerability for a potential breach on Ledger’s website when a researcher participated in the company’s bounty program on July 14th. The company also said:

“A researcher participating in our bounty program made us aware of a potential data breach in our marketing database. We immediately investigated and fixed it. Your payment information and crypto funds are safe.”

Ledger began an internal investigation. It found that this vulnerability exploited when a third party accessed the marketing and e-commerce databases using API keys. Moreover, Ledger said it had filed a formal complaint with the authorities.

“We are actively monitoring for evidence of the database sold on the internet. And we have found none thus far,” Ledger also said. “We also performed an internal penetration [test], and we are pushing forward the external penetration testing that was originally planned for September.”

Think we missed something? Let us know in the comment section below.

Leave a Reply