Ledger cryptocurrency wallet system suffers massive target breach
The breach wasn’t discovered for almost a month
Perhaps the biggest threat to the cryptocurrency industry is the constant attacks perpetrated by hackers who are looking for different ways to get a hold of more digital assets. One of the most recent attack was made to the popular hardware wallet creator for digital assets, Ledger, which announced that its platform just suffered a data breach. On a positive note, despite the breach, Ledger confirmed that no client financial information was accessed.
Although client funds and holdings were unaffected, roughly one million accounts were breached, and some data was stolen. The hackers got access to multiple data points from customers like emails, contact information – like names phone numbers, addresses – and even order details.
According to the reports, the hack was possible because an unknown third party used an Application Programming Interface (API) key to access Ledger services. The breach occurred on June 25, 2020, but it was not discovered until July 14.
Data has become, without a doubt, one of the most valuable assets for a company to hold. There are several companies out there that offer incentives and even bounty programs to those who can help them find weaknesses. Actually, this breach was discovered due to a bounty program that ran in mid-July. Without running this bounty program, the breach would have continued unnoticed and would have been free to be replicated in the future.
As a result, Ledger deactivated this API key and made the necessary fixes to protect customer’s data from being exploited in the future. “Regarding your ecommerce data, no payment information, no credentials (passwords), were concerned by this data breach. It solely affected our customers’ contact details,” said Ledger. “This data breach has no link and no impact whatsoever with our hardware wallets nor Ledger Live security and your crypto assets, which are safe and have never been in peril. You are the only one in control and able to access this information.”