In June 2020, the hardware crypto wallet manufacturer Ledger suffered a data breach that exposed over 1 million email addresses. The data was initially sold before being dumped publicly in December 2020 and includes email addresses, names, phone numbers and physical addresses.
Notably two types of breaches have occurred:
- Ledger retail database
- Compromised Data – Name, Email addresses, Phone number, Physical addresses.
- Marketing database
- Compromised Data – Email addresses only
If you are receiving threats or extortion attempts, contact your local law enforcement agency immediately.
How to check if your data was leaked
While the full list of data is available online, for the privacy of all leak victims, data aggregator HaveIBeenPwned is the recommended way to determine if your personal data has been leaked. NOTE that at time of posting users involved in the marketing database breach will show as a Full breach on HaveIBeenPwned.
What to do if your data has been breached
Secure your online presence
- If possible, stop using the affected email account
- Change all your passwords for accounts with your leaked email address
- Be extra vigilant when reading emails and clicking links
- Ensure your computer and browser are secure against malware. We recommend uBlock Origin adblocker and Malwarebytes antivirus software
Be extra vigilant when clicking links in emails, you may be at increased risk of scams. If a scammer obtains your passphrase, they will obtain your crypto
Secure your phone
- Beware of scam phone & text messages. NEVER click on a link in a text message you do not recognise.
- Contact your phone provider and ensure all precautions are taken to prevent sim-swap attacks. A sim-swap attack is when a hacker will use leaked data to steal ownership of your phone account, giving them access to your phone number.
- Ensure no websites use your phone number for authentication. Use a secure 2FA like Authy or Google Authenticator instead.
Join the class action lawsuit
While this may take some time to initiate, there is a community hub on Reddit working towards starting a class action lawsuit against Ledger.
- Adopt an attitude of Opsec, a state of mental preparedness. You can’t live in fear but you can always exercise extra precaution.
- Have a plan should you be confronted/security compromised.
- Keep a copy of all Ledger documentation/emails. You may benefit from building your own timeline of events for future reference.
- Inform family or close friends your personal data has been breached and encourage them to be vigilant on your behalf.
What to do if you receive a threat
Contact your local law enforcement department.
Unfortunately the reality of living in a technology driven society is that our personal details are often exposed, the best we can do is prepare and act accordingly. Stay safe, stay secure.