Data breach hits crypto hardware wallet firm,Ledger on Wednesday and its affected its e-commerce database leaving about one million email addresses public. The breach did not affect user’s funds though.
In a blog post, the French bitcoin hardware wallet company, Ledger revealed that contact and order information for customers was targeted hence it was also exposed.
Ledger added that, for a subset of 9,500 customers, personal details of customers such as first and last name, postal address, and phone number were leaked. The hack, which targeted the firm’s marketing and e-commerce database, has since been patched, it said.
A researcher who participated in Ledger’s bug bounty program discovered the vulnerability and reported it on July 14. Ledger responded by fixing the problem, but not before realizing the vulnerability had already been exploited by an unauthorized third party on June 25.
Someone accessed the company’s marketing and e-commerce database – used to send order confirmations and promotional emails – using an API key that has since been deactivated. Payment information, passwords, and funds were not affected.
“This data breach has no link and no impact whatsoever with our hardware wallets nor Ledger Live security and your crypto assets, which are safe and have never been in peril,” Ledger detailed.
Ledger said it is “extremely regretful” for the breach. The company stated it filed a report with France’s Data Protection Authority, the CNIL, on July 17, and partnered with Orange Cyberdefense four days later “to assess the potential damages of the data breach and identify potential data breaches.”
Ledger is looking for evidence or proof of the stolen data being sold on the internet, but nothing useful to nail the culprits has been found so far. The firm warned users to be “always be mindful of phishing attempts by malicious scammers.”
This article is sourced from:https://news.bitcoin.com