Shopify Security Breach Exposes More Ledger Customers’ Sensitive Data

Share Article
In Brief
  • A Shopify data leak has exposed another 20,000 Ledger customers' personal data.

  • The incident comes just weeks after hackers exposed the sensitive information of around 270,000 Ledger customers.

  • The firm's users have been the target of phishing and extortion attempts since the initial leak last summer.

  • promo

    Want to learn how to trade? Get a beginners guide from _BeInCrypto Academy_ now!

The Trust Project is an international consortium of news organizations building standards of transparency.

A previous security breach at the e-commerce firm Shopify has exposed sensitive data belonging to customers of around 200 of its merchants.



Among those impacted are customers of the cryptocurrency hardware wallet manufacturer, Ledger. The incident is the second time Ledger customers have potentially had personal information exposed in recent memory.

Although most of the data is the same as that from Ledger’s own security breach last year, those behind the Shopify leak have secured an additional 20,000 customer records.



Another 20,000 Ledger Customers at Risk

As BeInCrypto reported last year, a massive data leak at cryptocurrency hardware manufacturer Ledger saw the personal information of around 270,000 customers stolen. In December, the data found its way onto a public online forum.

Ledger initially downplayed the breach, stating that the June incident impacted only 9,500 users. However, the public release of the data showed otherwise.

With full names, home addresses, and emails leaked, reports of phishing attempts have since emerged. Some users even reported extortion attempts involving death threats.

Already a growing trend in crypto’s bad books, Ledger disclosed yet another breach on Wednesday. In a company blog post, the firm revealed that it was among the merchants impacted by a security incident at the multinational e-commerce firm Shopify.

According to a post on Shopify’s website detailing the September 2020 incident, two ‘rogue members’ of the company’s support team stole transactional records from around 200 merchants.

The Shopify incident first came to light on Sept. 22, but the now-fired staff ‘illegally exported’ data in April and June. However, Ledger claims to have only learned about the leak involving its customers on Dec. 23.

Shopify is reportedly working with the FBI and other international law enforcement agencies to investigate the incident. Meanwhile, Ledger has reported the Shopify incident to the French Data Protection Authority and informed those additional users impacted earlier Wednesday.

Changes to Customer Data Storage

As part of Ledger’s more recent disclosure, the company has announced changes to the way it will handle customer data in the future. It claims it is now committed to storing personal information for the least time possible.

Additionally, the French hardware wallet manufacturer says it will delete sensitive data from order confirmation emails to avoid future information leaks via e-commerce providers. The company also says it will add a messaging protocol to Ledger Live, reducing the dependence on email communication with customers.

As well as pledging to continue working with global law enforcement, the firm announced the hiring of additional private investigators and the creation of a 10 BTC reward purse for information leading to the arrest and prosecution of those responsible.

Although repeating that the leak had not affected customers’ devices, many impacted users were understandably upset. Some stated that it is completely unacceptable for an apparent security company to leave customer data vulnerable in the first place:

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

A former professional gambler, Rick first found Bitcoin in 2013 whilst researching alternative payment methods to use at online casinos. After transitioning to writing full-time in 2016, he put a growing passion for Bitcoin to work for him. He has since written for a number of digital asset publications.

Follow Author

Trade with the Best Crypto Signals - guaranteed profits with over 70% accuracy

Join now

Want to learn how to trade? Get a beginners guide from BeInCrypto Academy!

Learn now

Bybit Bonus Bash. $1,000 Bonus to be Won!

Join now