In a recent press release issued by Ledger, the company that manufactures the famous hardware wallet, we learn that criminals have exploited another data breach, coming from Shopify, involving another 20,000 users.

The incident dates back to May of last year, when criminals exploited a flaw in the Shopify portal, and on that occasion, data was stolen from over 300,000 users from various portals such as Trezor, Augur and Ledger.

Unfortunately, the following month there was also another attack, this time directly against Ledger, in which about 1 million email addresses and the complete data of more than 9500 users were stolen. A few months later, the criminals also attempted a third attack against the users.

As if that wasn’t enough, it was only last month that all the data from the stolen database was published, including the private information of the users who had dealt with Ledger, i.e. those who had bought a hardware wallet to protect their crypto.

Certainly, 2020 was not the best year for Ledger, but as the company itself points out, none of these episodes jeopardizes the security of the electronic devices held by users, although it is recommended not to enter your seed in suspicious platforms and especially in Ledger Live, as it could be compromised.

Ledger in the wake of the data breach

In the meantime, Ledger has taken steps to warn new users affected by the recent discovery of the stolen data and inform them not to provide their seed to anyone and not to use it in any other platform other than the physical wallet.

In addition, Ledger is working to integrate a messaging model to access users’ funds and so we could see a 2FA-type system to improve security, so even in the case of seed loss, a second password will be needed to access funds.

As for what happened, Ledger has moved to track the data with the support of Chainalysis. In particular, they will try to trace the seeds used and the movements of the wallets, in order to identify how the criminals are using these funds.

In the case of Shopify, both the FBI and the RCMP are working with the French authorities to track down the criminals who perpetrated the Shopify attack.

Other measures that will be taken by the company will be those related to database management, so that the private names of the buyers will be deleted once the order has been processed, to avoid similar problems in the future.

In fact, even if a database of this magnitude is accessed, if methods were in place to obscure, protect and make it impossible to read the information within it, it would certainly not have been easy for criminals.

This demonstrates the carelessness with which the company has treated this data, causing concern among many users, who in some cases have suggested creating a class action suit against Ledger.

Finally, Ledger has offered a reward to all those who provide useful information to catch the criminals. 

The reward is 10 BTC each, to encourage white hackers to support the case.




Download MAXBIT Android App, Your best source of all crypto news!
Google Play

Read Also:   Dogecoin: the top 10 memes of 2020

New data breach for Ledger- The Cryptonomist

by Matt Villie
Choose A Format
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format