stub Digital Asset Wallet Ledger, Suffers Data Breach Affecting 1M Clients - Securities.io
Connect with us

Investing In Crypto

Digital Asset Wallet Ledger, Suffers Data Breach Affecting 1M Clients

mm
Updated on
ledger

Ledger, makers of some of the most popular hardware wallets for digital assets, announced today that its platform has suffered a data breach.

The Details

As with any situation, there is both good and bad to be found.  Based on information released by Ledger, the following make up each category.

The Good
  • Despite the breach, Ledger indicates that no client financial information was accessed.
  • Client funds/holdings are unaffected
The Bad
  • Roughly 1 million accounts affected
  • Multiple data points accessed
    • Emails
    • Contact information (names, phone numbers, postal addresses)
    • Order details

This particular breach occurred when an unknown third party utilized an Application Programming Interface (API) key, to access Ledgers services.  This breach occurred on June 25th, 2020, and was discovered on July 14th, 2020.

Data Breaches and Bounty Programs

In an age where data has become one of our most valuable assets, it is not surprising that year after year companies find themselves on the wrong end of a breach.  Recognizing this, it has become a regular practice in the crypto community to offer incentives (bounty programs) for hackers and programmers to find weaknesses.

In the bounty programs, companies typically recruit researchers to intentionally ‘attack’ the company's networks and services.  This is done with the purpose of discovering any weak-points and vulnerabilities before those with nefarious activity in mind can do so.

While the illegal breach took place in late-June, it wasn’t until mid-July that it was discovered by someone participating in a Ledger bounty program.  As a result, without this program, the breach could have continued unnoticed, with the potential for repeated attempts in the future.  In the instance discussed here today, involving Ledger, the merits of such bounty programs are proven.

As it stands, Ledger has deactivated the API key used to access information and implemented the necessary fixes to ensure that client information will not be exploited in this manner again.

Commentary

Any breach of any kind is cause for concern.  With this in mind, Ledger took the time to discuss this recent event, and put their clients' minds at ease.

“Regarding your ecommerce data, no payment information, no credentials (passwords), were concerned by this data breach.  It solely affected our customers’ contact details. 

This data breach has no link and no impact whatsoever with our hardware wallets nor Ledger Live security and your crypto assets, which are safe and have never been in peril.  You are the only one in control and able to access this information.”

Looking Forward

Since they first launched, Ledger products have gone from supporting a select few assets to more than 1000 at the time of writing.  It is expected that as this trend continues, we will see Ledger bring support for digital securities as they grow in popularity.  Ledger was one of the first companies of its kind to provide wallet services for digital securities when they formed an alliance with now-defunct digital security company Neufund.

With the digital securities sector beginning to pick up, it is only a matter of time before token holders are looking for safe storage of their assets – hopefully, Ledger will be there.

Ledger

Founded in 2014, Ledger maintains operations in Paris, France.  Above all, the team at Ledger works to serve the blockchain industry through the development of various storage and security solutions.

CEO, Pascal Gauthier, currently oversees company operations.

Advertiser Disclosure: Securities.io is committed to rigorous editorial standards to provide our readers with accurate reviews and ratings. We may receive compensation when you click on links to products we reviewed.

ESMA: CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. Between 74-89% of retail investor accounts lose money when trading CFDs. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.

Investment advice disclaimer: The information contained on this website is provided for educational purposes, and does not constitute investment advice.

Trading Risk Disclaimer: There is a very high degree of risk involved in trading securities. Trading in any type of financial product including forex, CFDs, stocks, and cryptocurrencies.

This risk is higher with Cryptocurrencies due to markets being decentralized and non-regulated. You should be aware that you may lose a significant portion of your portfolio.

Securities.io is not a registered broker, analyst, or investment advisor.