A researcher who participated in Ledger’s bug bounty program discovered the vulnerability and reported it on July 14. Ledger responded by fixing the problem, but not before realizing the vulnerability had already been exploited by an unauthorized third party on June 25.
Someone accessed the company’s marketing and e-commerce database – used to send order confirmations and promotional emails – using an API key that has since been deactivated. Payment information, passwords, and funds were not affected.
“This data breach has no link and no impact whatsoever with our hardware wallets nor Ledger Live security and your crypto assets, which are safe and have never been in peril,” Ledger detailed.
Ledger said it is “extremely regretful” for the breach. The company stated it filed a report with France’s Data Protection Authority, the CNIL, on July 17, and partnered with Orange Cyberdefense four days later “to assess the potential damages of the data breach and identify potential data breaches.”
Ledger is looking for evidence of the stolen data being sold on the internet, but nothing has been found so far. The firm warned users to be “always be mindful of phishing attempts by malicious scammers.”
What do you think of the Ledger data breach? Let us know in the comments section below.
The post Crypto Hardware Wallet Firm Ledger Hacked, One Million Customer Emails Exposed appeared first on Bitcoin News.
TheBitcoinNews.com is here for you 24/7 to keep you informed on everything crypto. Like what we do? Tip us some BATSend Tip now!