Shopify reported the finding of 20,000 additional Ledger customers among the many affected.
Ledger collaborates with the authorities and takes internal security measures.
The personal information of 20,000 Ledger customers was stolen from Shopify, an e-commerce company. This is an additional figure that is added to that of those affected in other security incidents that occurred last year with the users of these wallets.
The total figure rises to 292 thousand affected customers, including the data leak of Shopify, an e-commerce service provider for Ledger and one of the world’s leading companies in that sector.
As detailed in a post from the Ledger team, Shopify notified them on December 23 last year that their customer data was also compromised in the September 2020 attacks. It was only until December 21, as Shopify reported. , which discovered that Ledger was also affected in this incident.
With the help of forensic firm Orange Cyberdefense, Ledger established that a total of 292 thousand of its clients were affected. The database involved is 93% similar to the leak reported in September, adding 20,000 additional profiles of your clients. The data includes email address, full names, address, type of product the user purchased and the customer’s phone number, Ledger says.
Under the circumstances, Ledger created a reward fund of 10 BTC and offers it to those who provide information leading to the arrest of those responsible for the attacks. These 10 BTC are located at this address and are equivalent to almost 400 thousand dollars at the moment.
With this amount in BTC, the person who provides new information, obtained legally and relevant to the advancement of the investigation, will be awarded, among other terms and conditions.
At this time, Ledger provides information to the authorities in order to arrest those responsible. The information breach was notified to the French Data Protection Authority on December 26, they say. In addition, they work together with the FBI and the Canadian Mounted Police (RCMP), as well as filed a legal case with the French Public Prosecutor’s Office. They also work with Shopify to continue learning details of the process and to strengthen security together.
Users of Ledger’s Bitcoin wallets could see their data exposed on the internet. Source: bitcointere / pxhere.com
New internal security procedures
Ledger indicated that among the new security procedures that he will implement is delete your customers’ personal information as soon as possible, even if this poses challenges for your business operations and your legal obligations.
The firm also proposes that sensitive information about its customers be stored externally, after three months have elapsed after having delivered a product, also reducing the locations where this personal information is protected.
They also indicate that they will not include personal information in purchase confirmation emails, so that e-commerce providers, such as Shopify, cannot access from sent emails.
In this sense, Ledger also announces that it will be improving its means of support and contact with its customers. While email will be used solely and exclusively to send announcements and advertisements, important information on security and other technical aspects will be disseminated through the native Ledger Live application.
Likewise Ledger reported that is recruiting more researchers to address the resolution of these data leaksdetermined to put those responsible in jail and working with authorities around the world to do so, they say.
As we reported in CriptoNoticias, in mid-July of last year it was reported that the data of 1 million users had been compromised by an attack on Ledger’s marketing department. The theft was noticed in September and the following month triggered a campaign of phishing attacks against Ledger users.
In December it was reported that the data of a group of more than 300,000 customers had been published on the dark web, who were the targets of the greed and threats of hackers and cyber hackers. This forced users to take the best security measures.