Massive Ledger data leakage increases the threat of SIM card swapping
The second data leak exposes the data of 270,000 customers.
- It is a leak of e-mails, phone numbers and even physical addresses.
- This highlights a main vector of attack through the exchange of SIM cards.
- The Trust Project is an international consortium of media organisations based on transparency standards.
Hardware wallet manufacturer Ledger suffered another massive data leak for the second time this year. Exposure of thousands of customers‘ personal information increased The News Spy the threat of attacks through SIM card swapping.
For the second time this year, the personal data of Ledger wallet purchasers was published online. The new leak was spread by several members of the crypto community who found files allegedly containing the „complete database“ of Ledger’s customers with e-mails, phone numbers and even physical addresses.
Ledger data leak (again)
Ledger played down the problem by claiming that it was old server infiltration data dating back to June 2020.
Today, we have been warned of the leak of a Ledger customer database on Raidforum. We are still in the process of confirming this, but the first signs tell us that it could well be the contents of our e-commerce database from June 2020.
A wave of phishing attacks followed the June infiltration. Ledger originally claimed that „only“ about 9,500 user data had been disclosed, but it now turns out there are as many as 270,000.
Industry researchers have called the problem „unforgivable“;
In my opinion, this leak is unforgivable. You simply can’t sell physical wallets and store your customers‘ personal information on an online server. Stop doing business with them, it’s the only way that businesses in this space can learn to take our physical security seriously.
Analyst Larry Cermak said this latest leak was „much worse“ than the previous one: