fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Physical Addresses Of 270K Ledger Owners Leaked On Hacker Forum

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj

Physical Addresses Of 270K Ledger Owners Leaked On Hacker Forum

A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.

Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows.

In June 2020, Ledger suffered a data breach after a website vulnerability allowed threat actors to access customers’ contact details.

Today, a threat actor has shared an archive containing two files named ‘All Emails (Subscription).txt’ and ‘Ledger Orders (Buyers) only.txt’ that contain data stolen during the data breach.

The ‘All Emails (Subscription).txt’ text file contains the email addresses of 1,075,382 people who subscribed to the Ledger newsletter. The ‘Ledger Orders (Buyers) only.txt’ is more sensitive as it contains the names, mailing addresses, and phone numbers for 272,853 people who purchased a Ledger device.

Hacker forum post containing the leaked Ledger data
Hacker forum post containing the leaked Ledger data

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Cybersecurity intelligence firm Cyble has shared the leaked file with BleepingComputer, and we have confirmed with Ledger owners that the data is accurate.

Ledger further confirmed in a tweet that this data dump is likely from the June 2020 data breach.

https://twitter.com/Ledger/status/1340769565639233536

Cyble told BleepingComputer that this data was being sold privately in August 2020.

Data leak poses a significant security risk

The release of this data on a hacker forum poses a significant risk as it provides numerous threat actors data that can be used in phishing attacks against Ledger owners.

Since October 2020, Ledger users have already been bombarded with phishing emails pretending to be Ledger data breach disclosures. These emails tell the user to download a new version of Ledger Live to secure their cryptocurrency assets with a new security PIN.

Ledger phishing emails
Ledger phishing emails

When users download and install the fake Ledger Live app, they will be presented with prompts asking for the Ledger owner’s secret recovery phrase and passphrase. This information is then sent to the attackers, who can use the recovery phrase to steal the victim’s cryptocurrency assets.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

Fake Ledger Live phishing app
Fake Ledger Live phishing app

Threat actors can use this data to create highly targeted phishing campaigns that target not only an owner’s email address but also their mailing address.

Using the leaked mailing addresses, convincing and elaborate scams can be crafted to trick users into revealing sensitive information, such as their recovery phrase.

What should Ledger owners do?

First and foremost, never tell anyone your Ledger recovery phrase or your secret passphrase and never enter it into any app or website. These phrases should only be entered on a Ledger device you are trying to recover.

If you receive postal mail about your Ledger device, do not act upon it or visit any site listed in the letter. Instead, contact Ledger support to confirm if the letter you received is a scam.

As phone numbers were also released, threat actors could attempt to perform a number transfer, or SIM swap attack, on your mobile account. You should contact your cellular provider and see if they can enable a protection that blocks number transfers.

Finally, disregard any emails claiming to be from Ledger stating that you were affected by a recent data breach, that your hardware device has been deactivated, or asking you to confirm a transaction. These are all phishing scams that are attempting to steal your cryptocurrency.

Ledger has released a web page where they list the various phishing scams targeting Ledger owners, and it is an excellent page to consult so that you do not fall victim to a scam.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us