2 min read

Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users

Graham CLULEY

December 21, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users
  • Details of Ledger hardware wallet customers provides golden opportunity for scammers
  • Scams include threats to break into homes of customers if ransom is not paid

The phone numbers, email and postal addresses of over 270,000 owners of the Ledger cryptocurrency hardware wallet have been made freely available for download from a hacking forum.

The information, which is accompanied by the email addresses of over one million people who have subscribed to the Ledger newsletter, is believed to have originally fallen into the hands of criminals following a security breach at the firm back in June 2020.

Initially made available for sale through underground hacking forums populated by cybercriminals, the data is now available at no cost.

And that, inevitably, means that more and more malicious parties may attempt to exploit the information in an attempt to defraud the unwary and intimidate Ledger customers.

Such attacks are already occurring on a regular basis.

Earlier this month, for instance, Bleeping Computer reported that Ledger customers have been receiving breach notification emails saying that users need to install a new version of the Ledger Live software and reset their PIN.

However, despite appearances, the emails did not really come from Ledger but were instead sent by cybercriminals to direct unsuspecting users to a fake version of Ledger Live for Windows which would steal wallet users’ recovery phrase and secret passphrase (if they have enabled that extra layer of security).

With such information, an attacker could gain full access to a users’ cryptocurrency funds.

And just today, Ledger warned customers about another scam which has seen attackers demand a $500 ransom not to invade recipients’ homes, using information presumably leaked from the company’s servers.

At the time of writing, Ledger says it has shut down 171 phishing sites in the last two months. With the data related to Ledger’s customer base being so freely available, the number of phishing sites targeting users is only going to rise.

Ledger is asking customers who receive fake communications pretending to be from the company to report it to them.

Ledger emphasises to customers that it will never deactivate users’ devices (it’s not uncommon for phishing attacks to make such threats to trick unsuspecting users into making poor decisions), and will never contact customers via text message or phone call.

But perhaps most importantly of all, Ledger says that users should never share the 24 words of their recovery phrase “with anyone under any circumstances.” The secret recovery phrase should only ever be entered onto the Ledger device itself. or your cryptocurrency holdings could slip through your fingers.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Israeli Authorities Seized Severs of Breached Company for Not Cooperating Israeli Authorities Seized Severs of Breached Company for Not Cooperating
Silviu STAHIE

July 04, 2022

1 min read
FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read