Published a database, property of Ledger

Posted date 28/12/2020

A database of the company Ledger, which is dedicated to hardware cryptocurrency wallets, was published, on 20th of December, on the Raidforum, following unauthorised access.

The security incident had already been identified on 14th of July thanks to an investigator who contacted through the corporate bounty program, reporting an incorrect configuration of the third party API key for the database in question.

The data affected includes information about 272,000 customers, relating to marketing and e-commerce, including: email address, name, telephone number, postal address and type of product purchased. No financial data was compromised.

The data violation was solved the same day by deactivating the API key and currently, corporate cybersecurity measures have been reinforced. Customers have also been asked to be wary of possible phishing attacks.