A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. BleepingComputer reports:
Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows. In June 2020, Ledger suffered a data breach after a website vulnerability allowed threat actors to access customers’ contact details. Today, a threat actor has shared an archive containing two files named ‘All Emails (Subscription).txt’ and ‘Ledger Orders (Buyers) only.txt’ that contain data stolen during the data breach.
The ‘All Emails (Subscription).txt’ text file contains the email addresses of 1,075,382 people who subscribed to the Ledger newsletter. The ‘Ledger Orders (Buyers) only.txt’ is more sensitive as it contains the names, mailing addresses, and phone numbers for 272,853 people who purchased a Ledger device. The release of this data on a hacker forum poses a significant risk as it provides numerous threat actors data that can be used in phishing attacks against Ledger owners.