Monday, August 10, 14:47
Home security Ledger: Hacking attack on the company with the safest bitcoin wallets hardware!

Ledger: Hacking attack on the company with the safest bitcoin wallets hardware!

The company with the safest hardware bitcoin wallets in the world, Ledger, was hacked. As she stated in a relevant announcement, she was informed about his violation website on July 14, 2020, by a researcher who participated in the company's bug bounty program.

Ledger

Shortly after learning of the attack, Ledger said she immediately recovered infringement, having received the researcher's report and after a thorough internal investigation. One week after the violation was rectified, the company of safe hardware Bitcoin wallets found that it had been breached again on 25 June 2020 by an unauthorized third party who had gained access to e-commerce and marketing database of. This database is used to send confirmations of orders and advertisements e-mail consisting mainly of email addresses, but also contact and order details such as first and last name, postal address, email address and telephone number. However, Ledger stressed to its customers that their payment details and encryption money are secure.

In addition, the company described the security incident in detail, wanting to explain to its customers exactly what happened. In particular, he reported that an unauthorized third party gained access to a portion of the e-commerce and marketing database through an API key. He also informed that the API key has been disabled and is no longer accessible.

What information is included in the database that was leaked during the attack?

The database contains the contact and order details of the company's customers. These include about one million customer email addresses. Ledger added that the breach exposed the personal information of about 9500 of its customers, such as first and last name, postal address, telephone number or ordered products. The wide scope of the breach was precisely the reason why the company decided to immediately inform its customers about the incident.

As for e-commerce date, no payment details were included, either credentials in violation. Therefore, it only affects customer contact information. This breach of data has no bearing on the hardware wallets or the security of Ledger Live and the encrypted customer data, which is secure and has never been compromised.

Ledger - safe hardware bitcoin wallets

What has the company done so far and what else does it intend to do?

  • As the breach was limited to e-commerce and marketing communications, the company immediately corrected the problem, taking the time to conduct a thorough internal investigation with security experts and then alerting its community to the incident.
  • On July 17, he informed the CNIL and the French Data Protection Authority, which ensures that the law on data privacy applies to the collection, storage and use of personal data.
  • On July 21, it partnered with Orange Cyberdefense to assess the damage that may have been caused by the breach and to detect any data leaks.
  • In addition, after a thorough investigation by the company's security team and Orange Cyberdefense, it concluded that the e-commerce and marketing database had been breached. By the time of publication, all affected customers have already received an update email.
  • The company also said it was actively monitoring whether database data that was compromised during the attack were being sold to Internet, without having detected anything so far.
  • It also expands the scope of its security and organization program in e-commerce, focusing initially on its products (HW & Vault). At the same time, it is taking steps to meet the requirements set out in ISO 27001, and has lodged a formal complaint with the authorities to further investigate the situation.
  • In addition, to enhance the privacy of its customers, Ledger Live, the accompanying application for Nano, which does not retain any information about the company's customers, will become the main point of contact for information on new product developments as well. and Ledger social media accounts (Facebook and LinkedIn, Twitter).

Finally, Ledger advises its customers to be very careful in case of any Phishing attacks. For example, the company will never ask its customers for the 24 words of the retrieval phrase. Therefore, if they receive an email that appears to be from Ledger and asks for 24 words, it will be a phishing attempt.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.

LIVE NEWS

Do hackers carry out their attacks in real time?

More generally, there is a perception that hackers are suddenly infiltrating systems and devices and carrying out attacks. However, the reality is different. The...

Facebook: How to hide old posts

Facebook has introduced a new tool called "Activity Management" that will allow you to delete old posts, helping you to improve ...

How to download and install the Play Store on laptops and PCs?

Nowadays, many people rely on their smartphones, as they can be used easily and quickly for ...

Portable air conditioner: It is worn on the back and as a jewel 😛

Portable air conditioner - Worn on the back and like jewelry: 40 degrees and we have melted. Those of you who are lucky on the beach, please stop ...

How to download Google Camera Port 7.4 / GCam 7.4 on Xiaomi devices?

Pixel devices have Google Camera (GCam) as their default camera application. And since the Pixel series is known for ...

How to type in multiple languages ​​simultaneously on Android

People in today's world are very much addicted to smartphones. They provide access to many applications that can be used mainly ...

LucidPix: Make your photos 3D with this app!

Give a 3D format to your photos, with the LucidPix application, which is available in various versions for both Android and iPhone ...

Private or anonymous browsing: Does it guarantee your privacy on the Internet?

The term "private" is relevant, especially when it comes to private or anonymous browsing on the Internet, a setting in your web browser ...

Businesses: 8 types of cyber attacks to watch out for

Nowadays, all businesses, small and large must be on alert, as they can ...

How to reverse image search via Google?

The term "image search" is familiar to those who use search engines. It means that you are looking for an image related to a text that ...