Hardware wallet provider Ledger said its marketing database was breached between June and July.
Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July.
In an email on July 29, the company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a potential vulnerability on their website.
While they were able to fix the breach immediately, a further investigation by the team found that an authorized third party carried out a similar action on June 25.
The individual used an API key to access the marketing and e-commerce database the company used to send promotional emails.
According to Ledger, this compromised the email addresses of almost one million people. The firm added that, for a subset of 9,500 customers, details such as first and last name, postal address and phone number were also exposed.
The company claimed the API key used to access the database has since been deactivated.
After investigating the matter in tandem with third parties and confirming the breach, Ledger said it notified the French Data Protection Authority, CNIL. Reassuring their users of their funds’ security, Ledger wrote in a blog post:
“Your payment information and crypto funds are safe […] Regarding your e-commerce data, no payment information, no credentials (passwords), were concerned by this data breach. It solely affected our customers’ contact details.”
The company also said that it is monitoring online marketplaces to find evidence of the stolen data being sold, but has found none so far.
Ledger advised users to be vigilant regarding phishing attempts by malicious scammers and said it would never ask them for their recovery phrases.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.