Attacks have started targeting some Ledger users after a major data breach exposed their information
Following the breach, affected Ledger users have taken to social media to report attacks and seek help, while many say the company’s response has been limited. Reports suggest phishing and other malicious activity began almost immediately after the data became public, and the number of victims appears to be growing.
Ledger has faced heavy criticism since the incident in June that exposed user data. The company confirmed its e-commerce marketing database was breached on June 25 but did not discover the issue until nearly three weeks later, after a security researcher alerted them on July 14.
Roughly one million users had their email addresses leaked. For some customers, the breach included additional personal details such as phone numbers and residential addresses.
Many users have reported receiving phishing emails, and a portion say they have lost funds. Those whose contact information was exposed have also reported receiving malicious text messages. Even more concerning, portions of the compromised data reportedly appeared on Raidforums, a forum used for sharing and trading leaked databases.
“Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020,” the Ledger team tweeted.
Scammers quickly capitalized on the leaked information and began using it to launch targeted attacks.
Twitter user Ivan on Tech warned, “SCAMMERS ARE GOING WILD. Sending fake emails pretending to be Ledger apologizing for the data leak and phishing you to install ‘latest version’. BEWARE!!”
Ledger said it has contacted French law enforcement and is working to contain and address the incident. The company also posted a notice on its homepage warning customers about ongoing phishing campaigns.
Beyond email phishing, affected users have reported SIM-swapping incidents, and the exposure of physical addresses raises the risk of extortion or ransom-related schemes. To date, Ledger has not issued reimbursements. CEO Pascal Gauthier indicated refunds are not feasible given the scale of the breach.
Speaking to Decrypt, Gauthier stated, “When you have a data breach of this magnitude for such a small company, we won’t reimburse for a million users, all the devices, that’s just not possible.”