Hackers published the stolen email addresses and postal addresses of users of the Ledger cryptocurrency wallet on the Raid forum hacker forum.
Recall that on June 25 this year, hackers gained access to the company's database using an API key. The company immediately eliminated the vulnerability and conducted an internal investigation.
Now the criminal has published an archive containing two files with stolen data. One of the files contains the email addresses of 1,075,382 people who have subscribed to the Ledger newsletter. Another file contains the names and mailing addresses of 272,853 people who purchased the Ledger device.
Security researchers from Cyble have confirmed the hack to Bleeping Computer. Ledger also confirmed in a tweet that the stolen data is likely related to a June 2020 hack.
Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.— Ledger (@Ledger) December 20, 2020
A ledger is a cryptocurrency hardware wallet that is used to store, manage and sell cryptocurrency. Funds held in these wallets are protected with a 24-word special phrase and an additional secret passphrase that only the owner knows.