- Ledger published new details about a massive data breach at the company from last summer.
- The wallet provider wrote in a blog post that two rogue Shopify employees earned illegitimate access to Ledger’s database.
- The company has also set aside a bounty fund of 10 Bitcoin for gathering information on those involved in phishing attacks
Last month, hackers made public data from Ledger’s e-commerce and marketing databases. Today, Ledger revealed the hacker’s connection to e-commerce giant Shopify.
Data Theft Led Rogue Employees at Shopify
This massive data dump included personal details belonging to approximately 272,000 customers of the hardware wallet company, including names, shipping addresses, and phone numbers.
Ledger initially reported that the breach was caused after an attacker had gained unauthorized access to its databases using a third party API key. New information reveals the attacker had links to Shopify.
In a recent blog, Ledger has now identified that the illegitimate access to its database had been made through Shopify. The crypto firm hired the popular e-commerce platform to manage sales-related operations.
Through illegal access, two rogue employees at Shopify illegally exported customer transactional records for the months between April and June 2020, Ledger wrote. This data was later leaked on web forums and used for launching phishing attacks on thousands of customers.
Working with forensic firm Orange Cyberdefense, Ledger has determined that 292,000 customers, 20,000 more than previously reported, have been affected.
Ledger has filed a complaint against the Shopify employees with the French public prosecutor.
Tackling Ledger Phishing Campaigns
Despite more information on the attack vector, continued phishing attacks and ransom threats have plagued Ledger customers.
The company set aside a bounty fund of 10 BTC, nearly $300,000, to be paid to anyone that can provide information on those involved. Here is the Bitcoin wallet address.
The company is also working with Chainalysis to track cryptocurrency wallets used by phishing scammers and Corsearch to shut down existing phishing websites. The company has been successful in closing down 216 phishing sites.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
Source: Read Full Article