A hacker forum found a database containing email addresses and physical addresses of the owners of Ledger hardware wallets, according to Bleeping Computer .
Journalists remind that the Ledger company suffered from a data leak this summer , and a vulnerability on the manufacturer’s website allowed attackers to gain access to users’ contact information. Now the hackers have published an archive containing two text files named All Emails (Subscription) .txt and Ledger Orders (Buyers) only.txt, in which data stolen in the summer can be found.
For example, the All Emails (Subscription) .txt file contained the email addresses of 1,075,382 people who signed up for the Ledger newsletter. The Ledger Orders (Buyers) only.txt file is more important because it contains the names and mailing addresses of the 272,853 people who purchased the Ledger devices.
Cyble specialists shared the leaked data with Bleeping Computer and, together with journalists, made sure of the authenticity of the information. According to experts, this data has been sold on the black market since August 2020. Ledger also confirmed on Twitter that this dump is most likely related to a summer data breach.
The publication notes that the stolen data can be used for phishing attacks against the owners of Ledger. The fact is that since October 2020, Ledger users have already been bombarded with phishing emails that disguise themselves as an official warning about data breaches. In such letters, the user is prompted to download a new version of Ledger Live, ostensibly to protect their cryptocurrency assets with a new PIN.