Data stolen from a hack of cryptocurrency wallet provider Ledger SAS, which the company initially denied but eventually confessed to in July, has been published online.
The stolen data was offered for free on Raid Forums, a website that has become well-known this year for being an internet site. It’s not on the dark web, a shady corner of the internet reachable with special software, but on the regular web.
The listing on Raid Forums offers the Ledger database with email addresses, names, phone numbers and physical addresses. Commenters on the offer describe the stolen data as “nice and high quality.”
The exact amount of data stolen and published is not immediately clear. The initial hack is said to have involved the hack of more than 1 million records, but Ledger told Coinbase that the total was 9,500. It later emailed customers and said that the number may have been 272,000, the latter figure “not available in the logs that we were able to analyze.”
Ledger took to Twitter to defend itself in a long series of tweets, among other things claiming that it “sincerely” regrets the situation and that it takes privacy extremely seriously. “Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation,” one tweet noted.
Although certainly not breaking any records for hacks and published data leaks, the number is still significant given that it’s related to cryptocurrency wallets at a time that bitcoin is hitting record highs. Worse still, as Jameson Loop, chief technology officer at CasaHOLD noted, only 1% of Ledger customers went to the trouble of protecting their home address with a post office box or private mailbox.
No hack and theft of customers of details is a good thing, but it’s a regular occurrence. The hack of Ledger differs, however, in terms of the ability for customers to take action on the matter. “The current terms of service, published by Ledger, prevent most of the legal actions the victims may be considering under the circumstances,” Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, told SiliconANGLE.
“If at the moment of the breach the terms were different and more favorable for the plaintiffs, the success of the threatened class action is still highly uncertain,” Kolochenko explained. ” It largely depends where the victims file the lawsuit, but virtually everywhere they will be required to prove specific and measurable damages, not just a speculative risk of hypothetic future damage.”
Photo: Motokaka/Wikimedia Commons
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.