Posts

Ledger database leaked, addresses and contact information exposed

avatar of @themarkymark
25
@themarkymark
·
·
0 views
·
2 min read

On June 25th, 2020 Ledger had a data breach exposing their e-commerce and marketing databases. Ledger reports these databases mostly included only email addresses but in some cases complete contact information like name, address, email, and phone. Ledger claims payment and crypto information is secure and has not been compromised.

The breach was originally identified as a risk by their bug bounty program and was later exploited after the potential breach was patched. Ledger states the potential vulnerability was "further exploited" a month earlier by a hacker who gained full access to these databases.

Ledger has hired Orange Cyberdefense to analyze the damage done and find and patch any potential existing vulnerabilities. Ledger is also conducting internal pen testing to further identify any potential weaknesses in their security.

"We are extremely regretful for this incident. We take privacy very seriously, we discovered this issue thanks to our own bug bounty program, we fixed it immediately. But regardless of all what we did to avoid and fix this situation, we sincerely apologize for the inconvenience that this matter may cause you."

- Ledger

A representative from Ledger mentioned on Reddit that all parties exposed will be contacted and notified of any personal information of theirs that has been leaked.

These types of breaches are happening at an alarming rate and organizations have to win 100% of the battles where hackers only have to win once to be successful. Whenever possible, it is recommended to minimize the amount of information you give to any third-party as it doesn't matter how secure you are, there is always a third-party that will eventually compromise your information.

You can read the full Ledger announcement of the breach here

images: [1](https://shop.ledger.com/products/ledger-nano-x/?flow_country=USA)

Securely chat with me on Keybase

Why you should vote me as witness

Posted Using LeoFinance