Hardware provider Ledger has now confirmed that their marketing database was breached between June and July.
The breach was brought to the attention of a researcher who was participating in its bounty program, the company said in an email on July 29. Although the team was able to rectify the breach immediately, further investigations by the teams revealed that a similar action had been carried out by an authorized third party on June 25.
According to Ledger, a subgroup of 9,500 customers had their names, addresses, and phone numbers exposed due to the data breach.
The person used the API key to access the marketing and e-commerce database that the company uses to send promotional emails. According to Ledger, a subgroup of 9,500 customers had their names, addresses, and phone numbers exposed due to the data breach.
The company claimed that API keys used to access the database have now been disabled.
For the Ledger wallet users, on Ledger’s official blog they wrote;
“This data breach has no link and no impact whatsoever with our hardware wallets nor Ledger Live security and your crypto assets, which are safe and have never been in peril. You are the only one in control and able to access this information.”
Ledger added that they are actively monitoring all online marketplaces to find evidence of the stolen data being sold but have not yet found any. Ledger said it would never ask users for their recovery phrase.