Ledger security breach from July 2020

[silversurfer]

Today, a threat actor has shared an archive containing two files named 'All Emails (Subscription).txt' and 'Ledger Orders (Buyers) only.txt' that contain data stolen during the data breach.
The 'All Emails (Subscription).txt' text file contains the email addresses of 1,075,382 people who subscribed to the Ledger newsletter. The 'Ledger Orders (Buyers) only.txt' is more sensitive as it contains the names and mailing addresses for 272,853 people who purchased a Ledger device.

Cybersecurity intelligence firm Cyble has shared the leaked file with BleepingComputer, and we have confirmed with Ledger owners that the data is accurate.
Ledger further confirmed in a tweet that this data dump is likely from the June 2020 data breach.

Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.
— Ledger (@Ledger) December 20, 2020​

Cyble told BleepingComputer that this data was being sold privately in August 2020.

Physical addresses of 270K Ledger owners leaked on hacker forum

A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.

www.bleepingcomputer.com