Ledger crypto hardware wallet has announced that an unauthorized third party accessed one million e-mails and 9,500 private addresses of its customers.
In the course of examining the situation, we also found that a subgroup of 9500 customers also had their e-mail addresses and that some of the customers were exposed. Usually, there is no direct link between the user’s e-mail address and his Bitcoin or Ethereum wallet.
Only the database information was affected, and the hardware technology was not, thus the main assets were secure and safe from the hack.
Based on the information we have, we believe it was discovered and exploited between April 2020 and June 28, 2020, “he said. He said the third-party API key that hosts the site was misconfigured with a third-party key that Ledger mentioned by name. The API keys in question and the ‘misconfiguration’ ran until August 9, 2018; he said, and based on his information they believed they had been exploited from April 20, 2019, to June 29, 2021.
Although the authorities have been informed, and the issue has now been resolved with the authorities, here the question comes that why are they keeping addresses, phone numbers, and other details without Ledger explaining?
It may be that there are customers who have just ordered and are waiting for the product, so why keep the phone number or something like that?
The problem has been resolved, and there is no question why the accounts department keeps these details.