Trusted

Massive Ledger Data Leak Increases SIM Swapping Threat

2 mins
Updated by Kyle Baird
Join our Trading Community on Telegram

In Brief

  • Second Ledger leak exposes data from 270,000 customers
  • Emails, phone numbers, and even physical addresses leaked
  • Major SIM swapping threat attack vector emerges
  • promo

Hardware wallet manufacturer Ledger has suffered another massive data breach for the second time this year. The exposure of thousands of clients’ personal information has increased the threat of SIM swapping as an attack vector.

For the second time this year, personal data from Ledger wallet buyers has been dumped online. The leak was posted by several members of the crypto community who found files allegedly containing the ‘full database’ of Ledger customers containing emails, phone numbers, and even physical addresses.

Ledger Data Leaked (Again)

Ledger played down the data breach by claiming it was old data from the June 2020 server breach.

A wave of phishing attacks followed the breach from June. Ledger originally claimed that ‘only’ around 9,500 user’s data was leaked, but it now turns out to be as many as 270,000.

Industry researchers called it ‘unforgivable’;

“IMO this Ledger leak is unforgivable. You simply can’t sell hardware wallets and store the personal information of your customers on an online server. Cut off business with them, only way companies in this space are gonna learn to take our physical security seriously.”

Analyst Larry Cermak said this latest leak was ‘much much worse’ than the last;

There is also now an inherent danger that SIM swapping attacks will be used to target Ledger customers now that their phone numbers and addresses have been leaked.

What is SIM Swapping and How to Avoid it?

Industry analyst Alex Krüger has warned of an impending wave of SIM swapping attacks following the Ledger leak. Since phone numbers were leaked and smartphones are normally used to authenticate transactions, the fallout could be devastating;

SIM swapping occurs when an attacker contacts the victim’s wireless/mobile carrier and is able to convince the call center employee that they are the victim using stolen personal data.

With an arsenal of new data including email addresses, the phone number itself, and even physical addresses for Ledger users, this would be relatively easy to pull off for cybercriminals.

The attacker then asks the provider to activate a new SIM card connected to the victim’s phone number on a new phone in their possession. With this, they can access the 2FA security measures used by Ledger devices and crypto exchanges. What happens next is inevitable — an emptied hardware wallet.

Ledger Nano S

The U.S. Federal Trade Commission issued a warning and prevention guide which includes suggestions on limiting the sharing of personal information. However, when companies that are trusted with security cannot secure data themselves, what hope has the consumer got?

As a number of Ledger users have painfully found out, crypto-assets can be easily stolen from hardware wallets. The victims are left to suffer alone when it happens as there is usually little-to-no recourse whatsoever from the manufacturers.

Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

profile.jpg
Martin Young
Martin Young is a seasoned cryptocurrency journalist and editor with over 7 years of experience covering the latest news and trends in the digital asset space. He is passionate about making complex blockchain, fintech, and macroeconomics concepts understandable for mainstream audiences.   Martin has been featured in top finance, technology, and crypto publications including BeInCrypto, CoinTelegraph, NewsBTC, FX Empire, and Asia Times. His articles provide an in-depth analysis of...
READ FULL BIO
Sponsored
Sponsored