Digital currency hardware wallet manufacturer Ledger has experienced a data breach in which 1 million customer email addresses and other identification information has been stolen.
According to the official announcement from Ledger, “An unauthorized third party had access to a portion of our e-commerce and marketing database through an API Key. The API key has been deactivated and is no longer accessible.”
The attack occurred on June 25, but the Ledger team was made aware of the incident on July 14 when a researcher participating in Ledger’s bounty program discovered the data breach.
Once the attacker gained access to the e-commerce and marketing database, they extracted 1 million customer email addresses, as well as the first and last name, postal address, phone number, and ordered products of 9,500 customers.
No payment information or digital currency private keys were compromised in the attack, according to Ledger.
Look out for scams
Ledger has contacted the French Data Protection Authority to inform them of the breach and has partnered with Orange Cyberdefense to assess the damage and potential consequences of the attack.
Although the only effects of the attack have been the theft of 1 million accounts’ data, Ledger is warning its users to look out for phishing scams in the near future. The Ledger team believes that the attacker may use the data they obtained to solicit customers and try to obtain access to their digital currency wallets.
If you are the owner of a Ledger digital currency hardware wallet, Ledger wants you to keep the following information in mind so that you can best protect yourself and not fall for a phishing scam:
“Ledger will never ask you for the 24 words of your recovery phrase. If you receive an email that looks like it came from Ledger asking for your 24 words, you should definitely consider it a phishing attempt.”
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.
