Data breach had taken place in the database of the crypto wallet provider Ledger SAS. The company had denied it initially. But back in July, they had finally confessed that the hacked data had been published online.
The stolen data had been offered absolutely free on Raid Forums. Raid Forums is an active marketplace forum for database sharing. The forum is present on the clear web or surface web and not on the dark web. Thus, the forum can be easily reached using the regular browsers and search engines. The listings on the Raid Forums on Ledger database contained names, email addresses, physical addresses and phone numbers. The commenters have regarded the stolen data to be “nice and high quality.”
When the incident broke out, the exact amount of the stolen data that had been published was not clear. The hack, in its initial phase, had involved data theft of over 1 million records. But, the crypto wallet provider Ledger revealed that the total hack was 9,500. Later it had emailed its customers and stated that the number probably had been 272,000. The latter figure was said to be unavailable in the logs that the company was able to analyze.
The crypto wallet provider Ledger then took to Twitter for defending itself via a long series of tweets, amongst the other links. The company had regretted the situation sincerely and had claimed that it takes the privacy of its customers too seriously.
“Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation,” one tweet noted.
Although the figure stated by the crypto wallet provider Ledger did break the hacking records and published data, yet the number is significant enough as it is related to the cryptocurrency wallets during the period when Bitcoin (BTC) is hitting high. The chief technology officer at CasaHOLD had noted that only 1% of the Ledger customers had experienced the trouble of protecting their postal address bearing a private mailbox or post office box.
“The current terms of service, published by Ledger, prevent most of the legal actions the victims may be considering under the circumstances,” Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb has revealed.
“If at the moment of the breach the terms were different and more favorable for the plaintiffs, the success of the threatened class action is still highly uncertain,” Kolochenko explained. ” It largely depends where the victims file the lawsuit, but virtually everywhere they will be required to prove specific and measurable damages, not just a speculative risk of hypothetical future damage.”