Ledger database leaked, addresses and contact information exposed

in LeoFinance · 4 years ago

On June 25th, 2020 Ledger suffered a data breach that exposed their e-commerce and marketing databases. Ledger reports that most of the affected records contained only an email address, but some held complete contact details: name, postal address, email, and phone number. Ledger states that payment details and cryptocurrency holdings were not affected and have not been compromised.

The vulnerability was first reported through Ledger's bug bounty program and patched immediately. Ledger then discovered that it had already been "further exploited" about a month earlier by an attacker who gained full access to these databases, meaning the data had been taken before the fix was in place.

Ledger has hired Orange Cyberdefense to assess the damage and to find and patch any remaining vulnerabilities. Ledger is also conducting internal penetration testing to identify further weaknesses in their security.

"We are extremely regretful for this incident. We take privacy very seriously, we discovered this issue thanks to our own bug bounty program, we fixed it immediately. But regardless of all what we did to avoid and fix this situation, we sincerely apologize for the inconvenience that this matter may cause you."
- Ledger

A representative from Ledger mentioned on Reddit that all parties exposed will be contacted and notified of any personal information of theirs that has been leaked.

These types of breaches are happening at an alarming rate, and the defender's position is asymmetric: organizations have to win 100% of the battles, while attackers only have to win once. Whenever possible, minimize the amount of personal information you hand to any third party. No matter how careful you are with your own security, every third party holding your data is another place it can eventually be compromised.

You can read the full Ledger announcement of the breach here



Securely chat with me on Keybase

Why you should vote me as witness

Posted Using LeoFinance


They should delete unnecessary information as soon as possible. I can't see why they need to keep it after the warranty period and can't encrypt it.

Any centralised database storing private data is a target and as you say the good guys have to win 100% of the time (which isn't possible).

The current Web 2.0 model of internet security is fundamentally broken.
Only decentralised Web 3.0 solutions can solve this problem.

Most people re-use passwords.
If a multiple use password is stored anywhere online in a central database it will be hacked at the weakest link and then the strongest protections are of no use.

I was just talking with @nickyhavey about these like 2 days ago and I was planning to buy one. Too bad they don't have an affordable price for everybody/every country 😔

Yeah I had an email from them saying my details were compromised. Beyond pissed seeing as I bought the Ledger 2.5 years ago. Feel that details should be removed after a certain period of time and not open to security breaches like this

Posted using Dapplr

I was just thinking to buy one Ledger X yesterday. Not so sure anymore...

My spidey sense says that many of the data breaches of this nature are done by government intelligence agencies to obtain information without warrant or user permission. It allows them to deny all involvement and circumvent any regulations. Many of the breaches seem like random targets, but in a lot of cases (like DNA databases, identity of crypto users, etc.) there seem to be strange motives.

Orange Cyberdefense 💪🏼💪🏼💪🏼💪🏼💪🏼💪🏼💪🏼💪🏼💪🏼💪🏼

Is it a recommendation or a THREAT on your side?!