13 August 2020
On Wednesday, Ledger announced that its e-commerce database was hacked in late June that caused the loss of one million email addresses. However, no user funds were affected by the breach.
In the blog post of the bitcoin hardware wallet Ledger reveals that information of the customers and contacts were exposed.
As per the post of Ledger, a subset of 9,500 customers, details such as first and last name, postal address, and phone number were leaked. It further read the hack that targeted the firm’s marketing and e-commerce database has since been patched.
A researcher who participated in Ledger’s bug bounty program found the vulnerability and reported it on July 14. The platform tried to fix the problem but was unaware that vulnerability had already been exploited by an unauthorized third party on June 25.
Hacker got access to the company’s marketing and e-commerce database – used to send order confirmations and promotional emails – using an API key that has since been deactivated. Although the hack didn’t affect Payment information, passwords, and funds.
Ledger stated, “this data breach has no link and no impact whatsoever with our hardware wallets nor Ledger Live security and your crypto assets, which are safe and have never been in peril.”
Ledger stated that it is “extremely regretful” for the breach. The company has filed a report with France’s Data Protection Authority, the CNIL, on July 17, and partnered with Orange Cyberdefense four days later “to assess the potential damages of the data breach and identify potential data breaches.”