Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users

Graham CLULEY

December 21, 2020

  • Details of Ledger hardware wallet customers provide golden opportunity for scammers
  • Scams include threats to break into homes of customers if ransom is not paid

The phone numbers, email and postal addresses of over 270,000 owners of the Ledger cryptocurrency hardware wallet have been made freely available for download from a hacking forum.

The information, which is accompanied by the email addresses of over one million people who have subscribed to the Ledger newsletter, is believed to have originally fallen into the hands of criminals following a security breach at the firm back in June 2020.

Initially made available for sale through underground hacking forums populated by cybercriminals, the data is now available at no cost.

And that, inevitably, means that more and more malicious parties may exploit the information in an attempt to defraud the unwary and intimidate Ledger customers.

Such attacks are already occurring on a regular basis.

Earlier this month, for instance, Bleeping Computer reported that Ledger customers have been receiving breach notification emails saying that users need to install a new version of the Ledger Live software and reset their PIN.

However, despite appearances, the emails did not really come from Ledger but were instead sent by cybercriminals to direct unsuspecting users to a fake version of Ledger Live for Windows which would steal wallet users’ recovery phrase and secret passphrase (if they have enabled that extra layer of security).

With such information, an attacker could gain full access to a user’s cryptocurrency funds.

And just today, Ledger warned customers about another scam which has seen attackers demand a $500 ransom not to invade recipients’ homes, using information presumably leaked from the company’s servers.

At the time of writing, Ledger says it has shut down 171 phishing sites in the last two months. With the data related to Ledger’s customer base being so freely available, the number of phishing sites targeting users is only going to rise.

Ledger is asking customers who receive fake communications pretending to be from the company to report them.

Ledger emphasises to customers that it will never deactivate users’ devices (it’s not uncommon for phishing attacks to make such threats to trick unsuspecting users into making poor decisions), and will never contact customers via text message or phone call.

But perhaps most importantly of all, Ledger says that users should never share the 24 words of their recovery phrase “with anyone under any circumstances.” The secret recovery phrase should only ever be entered onto the Ledger device itself, or your cryptocurrency holdings could slip through your fingers.
