Dec 22, 2020
Date: Monday 21st December
In July of this year, Ledger was made aware of a data breach on their website. Their initial statement read: "consisting mostly of email addresses, but with a subset including also contact and order details such as first and last name, postal address, email address and phone number."
Since then customers have been subject to a range of phishing attempts with scammers sending fraudulent emails claiming that their "cryptocurrency assets are at risk", prompting them to download the latest version of Ledger Live. This fake version would then ask for the user's seed words.
To make this data breach worse, what was initially reported by Ledger as 9,500 customers personal details (including physical addresses) was actually over 270,000. Yesterday both that list, along with over one million customer email addresses, was uploaded to RaidForums for anyone to download. Since the dump, there has been an increase in phishing attempts, including a new threat of physical attacks.
In this interview, I talk to Ledger CEO, Pascal Gauthier. We discuss the data breach, their disclosure of the hack, how they communicated with those affected and their plans moving forwards.