Physical Addresses of 270K Ledger Owners Leaked On Hacker Forum

A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. BleepingComputer reports: Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows. In June 2020, Ledger suffered a data breach after a website vulnerability allowed threat actors to access customers' contact details. Today, a threat actor has shared an archive containing two files named 'All Emails (Subscription).txt' and 'Ledger Orders (Buyers) only.txt' that contain data stolen during the data breach.

The 'All Emails (Subscription).txt' text file contains the email addresses of 1,075,382 people who subscribed to the Ledger newsletter. The 'Ledger Orders (Buyers) only.txt' is more sensitive as it contains the names, mailing addresses, and phone numbers for 272,853 people who purchased a Ledger device. The release of this data on a hacker forum poses a significant risk as it provides numerous threat actors data that can be used in phishing attacks against Ledger owners.

"phishing attacks"? sure, physical attacks? ouch!

[JcMorin]

I'm there is a 100% certainly they will get tons of phishing attacks... what I'm worry is the fact they have their real address, some of them could have a unexpected visits.

Re:

[bill_mcgonigle]

$5 wrench attacks and sim swaps.

Hardware Wallet

[PPH]

Why would Ledger have anything other than a throw-away e-mail address and a dead drop mailbox for me? Not that I'm planning any black market activities. But one attraction of Bitcoin and hardware wallet solutions is the ability to stuff the thing into my pocket, travel across borders and leave no link back to The Real Me. If the hackers can track me, so can my government.

Re:

[tlhIngan]

Why would Ledger have anything other than a throw-away e-mail address and a dead drop mailbox for me? Not that I'm planning any black market activities. But one attraction of Bitcoin and hardware wallet solutions is the ability to stuff the thing into my pocket, travel across borders and leave no link back to The Real Me. If the hackers can track me, so can my government.

OpSec isn't necessarily the priority of a lot of people - Bitcoin users are probably using it as an investment and they hear you should us

Finally

[Jacamoo]

Good to get to the bottom of this! I've been getting ledger related phishing txts for about a month on the sim I supplied, luckily the rest of the info I supplied to ledger is already useless :) I'm guessing the data has already made it through a few hands though as the writing style varies a lot between attempts

Great!

[NoMoreACs]

Anything to bring down or undermine criminals' confidence in the "security" of Cryptocurrency (and thus help bring down its main use, Ransomware Payments), is just fine by me!

This is one data breach I, for one, would love to see much more of...

Sorry Woz! (see, WOZX).

Venn Diagram

[kaizendojo]

I'd love to see a Venn diagram of the guys that say how great and safe crypto is vs. the guys that say the upcoming year will be the year of Linux on the desktop.

Damn!

[DontBeAMoran]

Does that mean I can risk losing my 1337 Dogecoins?!