Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users
- Details of Ledger hardware wallet customers provides golden opportunity for scammers
- Scams include threats to break into homes of customers if ransom is not paid
The phone numbers, email and postal addresses of over 270,000 owners of the Ledger cryptocurrency hardware wallet have been made freely available for download from a hacking forum.
The information, which is accompanied by the email addresses of over one million people who have subscribed to the Ledger newsletter, is believed to have originally fallen into the hands of criminals following a security breach at the firm back in June 2020.
Initially made available for sale through underground hacking forums populated by cybercriminals, the data is now available at no cost.
And that, inevitably, means that more and more malicious parties may attempt to exploit the information in an attempt to defraud the unwary and intimidate Ledger customers.
Such attacks are already occurring on a regular basis.
Earlier this month, for instance, Bleeping Computer reported that Ledger customers have been receiving breach notification emails saying that users need to install a new version of the Ledger Live software and reset their PIN.
However, despite appearances, the emails did not really come from Ledger but were instead sent by cybercriminals to direct unsuspecting users to a fake version of Ledger Live for Windows which would steal wallet users’ recovery phrase and secret passphrase (if they have enabled that extra layer of security).
With such information, an attacker could gain full access to a users’ cryptocurrency funds.
And just today, Ledger warned customers about another scam which has seen attackers demand a $500 ransom not to invade recipients’ homes, using information presumably leaked from the company’s servers.
At the time of writing, Ledger says it has shut down 171 phishing sites in the last two months. With the data related to Ledger’s customer base being so freely available, the number of phishing sites targeting users is only going to rise.
Ledger is asking customers who receive fake communications pretending to be from the company to report it to them.
Ledger emphasises to customers that it will never deactivate users’ devices (it’s not uncommon for phishing attacks to make such threats to trick unsuspecting users into making poor decisions), and will never contact customers via text message or phone call.
But perhaps most importantly of all, Ledger says that users should never share the 24 words of their recovery phrase “with anyone under any circumstances.” The secret recovery phrase should only ever be entered onto the Ledger device itself. or your cryptocurrency holdings could slip through your fingers.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
July 23, 2021
July 22, 2021
July 20, 2021