URGENT: Ledger Email Breach - 270,000 emails & addresses leaked publicly

Boxmining

15.5K views 819 4 years ago

Description

Ledger's eCommerce site was hacked in July of 2020, causing 270,000 customer emails and delivery addresses to be stolen by hackers. FUNDS ARE SAFE. NO cryptocurrency / private keys were leaked. Today ...

Ledger's eCommerce site was hacked in July of 2020, causing 270,000 customer emails and delivery addresses to be stolen by hackers. FUNDS ARE SAFE. NO cryptocurrency / private keys were leaked. Today this information was released to the public, causing a massive amount of fear, anger, and frustration. What's worse is that there are email scams right now capitalizing on this fear - so here are some pointers to stay SAFE. Check for Breach info: https://haveibeenpwned.com/ Ledger Response: https://support.ledger.com/hc/en-us/articles/360015559320-E-commerce-and-Marketing-data-breach-FAQ Reddit Thread: https://www.reddit.com/r/CryptoCurrency/comments/khg4yi/warning_extortion_emails_being_sent_to_those/ Yubi Key: https://www.yubico.com/ ▬▬▬▬▬▬▬Recommendations▬▬▬▬▬▬▬● Recommendation List: https://www.cryptoatlas.io/Boxmining 🌼Buy & Sell Bitcoin: https://join.swissborg.com/r/michaeOQZM 🔎Crypto Prices: https://www.coingecko.com/ 🔒Hardware Wallet: http://boxmining.co/ledger 👍🏻Brave Browser: http://boxmining.co/brave 📲Binance Exchange : http://boxmining.co/binance ●▬▬▬▬▬▬▬▬▬▬Community▬▬▬▬▬▬▬▬▬● Boxmining Official Website: https://www.boxmining.com/ Telegram Discussion Group: https://t.me/boxmining Telegram Announcements: https://t.me/boxminingChannel Facebook Community: https://www.facebook.com/groups/CryptoSpartans/ ●▬▬▬▬▬▬▬▬▬▬▬Social▬▬▬▬▬▬▬▬▬▬▬● Instagram: https://www.instagram.com/boxmining/ Twitter: https://twitter.com/boxmining Facebook: https://www.facebook.com/boxmining Steemit: https://steemit.com/@boxmining ●▬▬▬▬▬▬▬▬▬▬Disclaimer▬▬▬▬▬▬▬▬● I'm not a professional financial adviser and you should always do your own research. I may hold the cryptocurrencies talked about in the video.

AI Analysis

Alright, let's talk about the Ledger email breach. This video is a really urgent heads-up about a data leak from Ledger's e-commerce site back in July 2020, where personal information of 270,000 customers, including their full addresses and phone numbers, was stolen. While your crypto and hardware wallet are completely safe, this leaked data has now gone public, leading to nasty email scams and a whole lot of fear.

Here’s the rundown:

* The Unfortunate Leak Details: The video explains that 270,000 Ledger customers had their emails, full names, home and shipping addresses, and even home phone numbers exposed. On top of that, another 1 million email addresses were also leaked. This is a massive issue, and the presenter feels it's "horrific," especially the home addresses.
* When It Happened vs. When It Went Public: This wasn't a fresh hack; the breach itself occurred way back in July 2020. However, the truly scary part is that the stolen information, which was previously only circulating within hacker groups, became completely public today, meaning anyone can access it. The presenter expresses frustration, noting how "disastrous" it is that this sensitive data is now so widely accessible.
* Ledger's Understated Problem: Ledger initially downplayed the severity, claiming only 9,500 customers were affected. However, it turns out the actual number is a staggering 270,000. The presenter can't hide their anger, stating, "Holy crap! I cannot describe how angry I feel about this," and questions why this information wasn't better secured or deleted.
Crucial: Your Crypto Is SAFE! This is the most important takeaway! The hack did not* compromise your crypto wallet, private keys, or the Ledger device itself. Your cryptocurrency is as safe as it ever was. Scammers are trying to exploit the fear by sending fake emails claiming your crypto assets are compromised, but this is a lie designed to trick you.
DO NOT Click on Links! This is a critical warning. Scammers are sending very official-looking fake emails that mimic Ledger communications, often trying to get you to click on links to download "updated" Ledger Live software. These are phishing attempts that could lead to viruses or further breaches. Avoid clicking any* links from suspicious emails or even random files shared on platforms like Telegram, as they could contain malware. The presenter stresses that it's easy to get "screwed even further" if you're not careful.
* Checking If You're Affected (Safely): The only reputable website to check if your email was part of this or any other data breach is `haveibeenpwned.com`. Just enter your email address there. The presenter strongly advises against using any new, unofficial sites like `haveibeenpwnedbyledger.com`, as these could be collecting your IP address and email for malicious purposes.
* Dealing with Extortion Attempts: Some affected individuals are receiving direct threats via email, where hackers list their leaked home address to scare them into paying. If you receive such a threat, do NOT pay! Contact local law enforcement immediately. Paying will only confirm you're a potential victim and could lead to more extortion. This is a "complete BS" situation that needs police involvement.
* Essential Security Measures:
* Stay Calm, Don't Panic: Rash decisions can lead to mistakes. Take your time to implement security improvements.
Double-Check Addresses: If sending cryptocurrency, always manually verify the entire* recipient address, especially if you suspect your computer might have a virus that could swap addresses.
* Use a VPN: A Virtual Private Network hides your IP address and location, adding a layer of privacy while browsing. NordVPN and VPN.ac are mentioned as good options.
* Activate Antivirus: Ensure your antivirus software (like Windows Defender for Windows users) is turned on and up-to-date. Regularly scan your system for viruses.
Implement Robust 2FA (Two-Factor Authentication): For all your cryptocurrency exchanges and email accounts, switch to Google Authenticator (TOTP) or a physical security key for 2FA. Avoid SMS-based 2FA*, as hackers can perform "SIM swap" attacks by tricking your phone company into giving them control of your phone number.
* Consider a YubiKey: A physical security key like a YubiKey (around $29) adds an incredibly strong layer of protection. You physically tap or press it to authorize logins or transactions, making it "literally impossible" for hackers to access your accounts even if they have your password and email.
* The Presenter's Ongoing Frustration: The video ends with the presenter still feeling "really angry and pissed off" about the hack, emphasizing the severity and the need for everyone to boost their security. They spent a lot of time today improving their own security and wanted to share these critical steps immediately.

Transcript

All right, guys, I really hate making this video, but I think I need to rush this to help a lot of people who are really stuck in this unfortunate situation. So let's get to it. A database containing personal information of over 270,000 Ledger customers. So this is with the Ledger Hardwork wallet has been released today to public. All right. So this is actually pretty disastrous. And a lot of people were concerned. In fact, when I saw this news, I was like kind of shocked at first, then filled ...

All right, guys, I really hate making this video, but I think I need to rush this to help a lot of people who are really stuck in this unfortunate situation. So let's get to it. A database containing personal information of over 270,000 Ledger customers. So this is with the Ledger Hardwork wallet has been released today to public. All right. So this is actually pretty disastrous. And a lot of people were concerned. In fact, when I saw this news, I was like kind of shocked at first, then filled with confusion, anger, fear, I would say. And it was a very unpleasant day just looking at this. So we're going to give you a rundown. Like I'll give you a rundown of what I have done so far and also what not to do. So this is actually very important because I think like initially I wanted to know as much as I want about this, but I held myself back because it's actually very easy at this current point. If you don't know what you're doing to get yourself screwed even further. So which is what's the point of this video? Like we'll talk about this event in a lot of detail. I'll have some tips that I've been following myself, but also leave a comment down below if you have any other security tips because at this current point, yeah, this just sucks. Okay. Let's go down to the information. So what was revealed? So we have, this is kind of the information of the hack. So 270,000 customers have their emails, their name, their full address, their shipping address for the ledger. Okay. And a home phone number has been revealed. Also another 1 million emails have been leaked. All right. So this is actually, I think the biggest and scariest part is the home address for a lot of people. So this, I think it's just one of the worst things to have happened. It's pretty horrific. That being said though, I would want to say, all right, that this leak actually happened around half a year ago. This is not something that just happened recently, but rather this was through a hack that happened in July. But what, why this is becoming such a big issue today is because that information that was previously kind of hidden between hacker groups, but now it's completely public. All right. So this has been circulating in a public forum. And in fact, a lot of people who are concerned, they actually managed to access that list and find their own information on it. So that's just scarce and creeps the hell of a lot of people, right? Like they search their own name and their home address pops right out in front of them. That's not cool at all. So yeah, this is just super BS. So anyway, so this has been, so, so I guess the biggest take home, I guess, from that is that this, this has been circulating for a while. So I guess if damage could arrive, it could have arrived a lot sooner than this. But anyways, let's go down and talk about some stuff that you should absolutely not do at this current point. So number one thing not to do is do not click on links. All right. So I'll give you an example there. This is an email that was sent to Peter McCormack and it looks really official. This is like, it seems like a ledger email from ledger. Oh, check out December 4th security update information, important information about theft of cons customer data. It looks official, right? And it has a link at the end. It tries to tell you, look, what you should do now is to click this link and download the latest version of ledger live. Do not do this right now. Like, okay, so this is clearly a fake email, right? So even though it looks very legit, even look, though it's like puts like the ledger CEO and everything on it. This is a fake email, right? Because your email information was leaked. Any hacker can design an email that looks very official and will contain links for you to open. Do not open or download any of these links. All right. This is absolutely key because at this current point, I just want to stress this. I'll just make sure the hack doesn't relate to anything with crypto. Okay. Your crypto wallet, your ledger, your crypto is super safe. Even though like in this email, it falsely says, oh, we assume that your cryptocurrency assets could be compromised and you should be scared for your crypto. Your crypto is absolutely safe, right? It's as safe as it ever was. But the issue here is your home address and your email. So something like this. So once your email gets leaked, people create these fake emails and get you in deeper trouble. So do not click on any links at this current point. Anything circulating around Telegram. I know a lot of people, they just try to share stuff to try to help other people. I've seen people try to share a pastebin version of the leaked text messages out there. Honestly, if you click on those files and you try to figure out things for yourself, there's very high chance that could contain viruses, right? Even if the people send it in good spirits and sharing good spirits, I've seen there's a potential for some serious damage to be done. If you start clicking random links, that will get you in a lot of trouble. So just what the key here is to stay calm and to understand what you're doing. There's no need to be fearful or panic right now. Because honestly, this hack happened a long time ago. The information was already circulating on the dark web. Just that right now, this has become public. So that's kind of a lot more problematic. But at the same time, you know, just no need to panic. All right. Next up, I do have this link to share. I know, you know, this link has been this link is called haveibeenpwned.com. This is a website that's been around for a long time. But at haveibeenpwned.com, I can even Google this up and check this out. This website's been around since 2013. And it's a way to verify if you have been pwned or not. All right. So you can go and check your email address. You can enter your email address. I'll leave a link down below. And this is the one that's legit. Now, haveibeenpwned.com will tell you if you have been affected by this hack or not. So this includes both people who have addresses leaked and also emails leaked. Okay. So this doesn't tell you this. It doesn't. This haveibeenpwned.com does not clarify which leak you were affected by. Now, I've seen other websites that popped up and they try to fill in that gap. Like I think this one has haveibeenpwnedbyledger.com. Look, I wouldn't click on that link either. All right. Because new websites that pop up, you don't know if the person will be gathering your data or not. So one of the reasons why I wouldn't click on that and enter my email in is if I entered that, if I use another website, enter my email in, they could either be tracking my IP. So they know where and what my IP address is. And also they can track my email too. And you never know if that information can also be sold online. Right. So this is where paranoia really comes in and you should avoid clicking on anything that you don't know or it doesn't have reputation in the real world. So just make sure that it's true. Now, in terms of ledger. Okay. So I read this in terms of ledger. What they're going to do is they're going to send emails out to 200 to the 270,000 people who are affected. And this is just OPS. But they're going to send your information and notify that to you. Now, this is actually quite also BS too. If you just read this sentence. So it says, after we are made aware of the dump on December 20th, it became clear that a larger subset of the initial 9,500 customers had their personal data exposed. So initially when this got on the news of the July hack, they thought that the hack only affected 9,500 people. But it turns out to be the case that it's not 9,500, but 270,000 people. Holy crap. Like this is just dope. Like I cannot describe how angry I feel about this. Like why did, why was this information not better secure? Why wasn't it deleted and wiped from their database? It just doesn't make any sense to me. But anyways, um, more about the anger side in, uh, later, but at this current point, ledger will notify you. So, I mean, you know, check, have I been pwned? And if that has affected you, if you are worried that your personal home address has been breached, please, please, please make sure that you don't click on, you don't overreact them. Click random links at this current point. All right. Next part comes support part. That's even harder to talk about. This is just like absolutely scary, but apparently some people have been receiving these threats, uh, via email. All right. And this is where I don't even know how to react to this, but I'll just point out a few things like this is a responsibility for law enforcement. If threats are happening to you, please do report that to the relevant authorities. Um, unfortunately what happens in this email is because the hacker knows the home address, they'll type the home address to you and it looks scary AF. But I do want to say that it could be possible that if like some people who get scared and paid this address, it's going to be even worse because now they'll know who you are and that you're willing to pay and then they'll extort you even more. So this is something that definitely if you receive, and luckily for me, I haven't received one of these yet, but I would say at this current point, like do contact local law authorities, like law enforcement to help you deal with your situation. That's, that's complete BS. Um, check out the threat as well. Um, I'll put a link down below. Now, I just want to just reiterate one last time, like the crypto itself is not affected. Like the ledger device itself is fully functioning. Like it does protect you from hacks and it does protect you from a lot of these problems. But the key here is that if you do install accidentally install viruses onto your computer, they will try to kind of replace or substitute addresses out. So as a security tip, like if you do need to send any secure cryptocurrencies at this current moment, either using a ledger or a trezor, make sure you double check the address in full for whoever you're sending crypto to. And also some suggestions for security improvements. So just a few things out there. First and foremost, um, considering getting a VPN, I know I haven't, um, I should be posting down like these VPNs. Um, there's two ones that I do actively use. One is Nord and the other one is VPN.ac. The reason why you want to use a VPN right now or in the future, whenever you browse the internet is because it hides where you live. So some of the problems, a lot of websites is that they can find your IP and the IP can be traced to the region where you live. So that's, that's not a good information piece of information to hack. So, um, having that privacy is important. Also, of course, I know this just sounds very general, but make sure you have an antivirus or at least make sure that your antivirus is turned on. So by default, if you're using windows, you have your windows defender, which is part of windows 10 right now, make sure that's activated. Make sure you scan for viruses at this current point. The other one to do is to make sure that your exchange accounts. So any exchange accounts that you use, whether it's Binance or FTX, make sure you're using two factor authentication. So one of the reasons why is now because hackers get access to your emails while they might want to try to break into your email or even worse, they might try to execute a SIM hack. So this is when they go up to your phone company, pretend that it's you. They'll be able to provide people's addresses. If that information has been leaked and try to hack, um, hack you from the SIM from your phone company and claim to be, they've lost a SIM though. The SIM sometimes stupid phone companies will just give them a SIM number and then you're screwed. Right. So at this point, if you guys haven't done so already, if you're using a cryptocurrency exchange, make sure you have to Google to F a, and not a SIM card to F a right now. Um, yet again, don't do this in a panic. Make sure you're in a clear, you know, safe environment. Make sure you write down the recovery phases correctly. Make sure you put it on a phone that you're not going to lose. Like it's, it's getting yourself familiar with higher security and this can be done over time. There's no, absolutely no urgency to do so. Because a lot of time I feel like if you're urgent and you're in a rush scenario, we can, you know, we can do some wrong steps and it can screw you up. Right. So very consciously, very clearly figure out how to just improve the security and follow those improved securities there. This also goes the same, not just with exchanges, but with your emails as well. Um, Google has a security center. Um, they have good instructions yet again, just do that. I also have another video coming up. This is something that I've done recently, which is with these really ugly things. This is called a YubiKey and they don't cost a lot. They cost around $29. I'll put a full video review. I'll push that video out as soon as possible as well. But this also provides another layers of security to both your Google, Gmail and exchange accounts. So that means every time you need to make an exchange withdrawal, you need to physically press this little golden disc here. So even if hackers, they know your email and then for some freakish manner, they've managed to find your password to and maybe potentially breach it to a phone. They still have to physically get this key, which is literally impossible. Right. So at this point, just be very careful. But no, um, at this point, I don't really know how to end this video. I feel like really angry and pissed off still, to be honest, like this sort of hack is just horrific. Um, so anyways, leave some comments down below what you think and what you're feeling at this time. Um, I, I spent a lot of today figuring out how to improve my security. And I just wanted to get this video as soon as possible to you guys. So anyways, that's pretty much it. And what I want to cover, leave comments down below or concerns down below. I'll see you guys in the next video.