Ledger

Ledger

Major cryptocurrency hardware wallet provider Ledger experienced a data breach.

The company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a potential vulnerability on their website.

While they were able to fix the breach immediately, a further investigation found that an authorized third party carried out a similar action on June 25.

The individual used an API key to access the marketing and e-commerce database the company used to send promotional emails.

This compromised the email addresses of almost one million people.

For a subset of 9,500 customers, details such as first and last name, postal address, and phone number were also exposed.

Source: https://cointelegraph.com/news/data-breach-at-crypto-wallet-firm-ledger-exposes-users-personal-info

TPRM report: https://scoringcyber.rankiteo.com/company/ledgerhq

"id": "led213813123",
"linkid": "ledgerhq",
"type": "Data Leak",
"date": "06/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': ['Almost one million',
                                               '9,500 with additional details'],
                        'industry': 'Cryptocurrency Hardware Wallet',
                        'name': 'Ledger',
                        'type': 'Company'}],
 'attack_vector': 'API Key Misuse',
 'data_breach': {'number_of_records_exposed': ['Almost one million',
                                               '9,500 with additional details'],
                 'personally_identifiable_information': ['First and last names',
                                                         'Postal addresses',
                                                         'Phone numbers'],
                 'type_of_data_compromised': ['Email addresses',
                                              'First and last names',
                                              'Postal addresses',
                                              'Phone numbers']},
 'date_detected': '2020-07-14',
 'description': 'Major cryptocurrency hardware wallet provider Ledger '
                'experienced a data breach. The company said it was made aware '
                'of the breach on July 14 when a researcher participating in '
                'its bounty program reached out with details of a potential '
                'vulnerability on their website. While they were able to fix '
                'the breach immediately, a further investigation found that an '
                'authorized third party carried out a similar action on June '
                '25. The individual used an API key to access the marketing '
                'and e-commerce database the company used to send promotional '
                'emails. This compromised the email addresses of almost one '
                'million people. For a subset of 9,500 customers, details such '
                'as first and last name, postal address, and phone number were '
                'also exposed.',
 'impact': {'data_compromised': ['Email addresses',
                                 'First and last names',
                                 'Postal addresses',
                                 'Phone numbers']},
 'response': {'remediation_measures': 'Fixed the breach immediately'},
 'threat_actor': 'Authorized Third Party',
 'title': 'Ledger Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unauthorized Access to API Key'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.