A database containing the personal information of over 270,000 Ledger customers has been published on RaidForums, a marketplace for buying, selling, and sharing hacked information. The database, reviewed by The Block, contains the emails, physical addresses, and phone numbers of Ledger hardware wallet buyers. Today's leak is the result of a data breach Ledger suffered in June and also contains the emails of over 1 million Ledger customers.
In July, Ledger publicly disclosed that it had a suffered a data breach in June that compromised customer data. At that time, Ledger noted that 9,500 customers had their personal information breached. Today's database dump, however, showed that the extent of the personal information leak was far larger than 9,500 customers. A Ledger spokesperson said the firm had anticipated that more information could have been leaked in the June attack despite the total found in its review of the incident.
"At the time of the incident, logs from a third-party application managing our database showed 9,500 individuals were impacted. Simultaneously, we were working with an external security organization to conduct a forensic review, which also confirmed 9,500 people, all of whom were personally contacted by Ledger Support. Since the phishing attacks started to occur, we anticipated more information could have been leaked and continued to notify all users via Twitter and email," the spokesperson said.
In a tweet, Ledger stated that "early signs" point to the database being from its June hack. Ledger also added "It is a massive understatement to say we sincerely regret this situation. We take privacy extremely seriously" and that "Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation which will make Ledger even more secure."