Data stolen from a hack of cryptocurrency wallet provider Ledger SAS, which the company initially denied but eventually confessed to in July, has been published online.
The stolen data was offered for free on Raid Forums, a website that has become well-known this year for being an internet site. It’s not on the dark web, a shady corner of the internet reachable with special software, but on the regular web.
The listing on Raid Forums offers the Ledger database with email addresses, names, phone numbers and physical addresses. Commenters on the offer describe the stolen data as “nice and high quality.”
The exact amount of data stolen and published is not immediately clear. The initial hack is said to have involved the hack of more than 1 million records, but Ledger told Coinbase that the total was 9,500. It later emailed customers and said that the number may have been 272,000, the latter figure “not available in the logs that we were able to analyze.”
Ledger took to Twitter to defend itself in a long series of tweets, among other things claiming that it “sincerely” regrets the situation and that it takes privacy extremely seriously. “Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation,” one tweet noted.
Although certainly not breaking any records for hacks and published data leaks, the number is still significant given that it’s related to cryptocurrency wallets at a time that bitcoin is hitting record highs. Worse still, as Jameson Loop, chief technology officer at CasaHOLD noted, only 1% of Ledger customers went to the trouble of protecting their home address with a post office box or private mailbox.
No hack and theft of customers of details is a good thing, but it’s a regular occurrence. The hack of Ledger differs, however, in terms of the ability for customers to take action on the matter. “The current terms of service, published by Ledger, prevent most of the legal actions the victims may be considering under the circumstances,” Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, told SiliconANGLE.
“If at the moment of the breach…