Ledger security breach from July 2020

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Today, a threat actor has shared an archive containing two files named 'All Emails (Subscription).txt' and 'Ledger Orders (Buyers) only.txt' that contain data stolen during the data breach.
The 'All Emails (Subscription).txt' text file contains the email addresses of 1,075,382 people who subscribed to the Ledger newsletter. The 'Ledger Orders (Buyers) only.txt' is more sensitive as it contains the names and mailing addresses for 272,853 people who purchased a Ledger device.
Cybersecurity intelligence firm Cyble has shared the leaked file with BleepingComputer, and we have confirmed with Ledger owners that the data is accurate.
Ledger further confirmed in a tweet that this data dump is likely from the June 2020 data breach.

Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.
— Ledger (@Ledger) December 20, 2020
Cyble told BleepingComputer that this data was being sold privately in August 2020.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top