
Data leakage at Ledger – What are the risks for the company and how to protect yourself?

The news broke this weekend like a bombshell. A Ledger customer database hacked last June was leaked yesterday on a forum. While Ledger claims the funds are safe, the personal data is out in the open. What are the risks for Ledger, and how can you protect yourself against attacks?

How can I protect myself against possible hacks or phishing attempts?

First of all, remember to change your email address, and ideally to close access to the compromised one. That address is potentially the gateway to your crypto platforms and any other sensitive data. If you use the same email address to log in to your exchange platform Immediate Bitcoin as the one you used to order your Ledger or their service, change it. To check whether your email address has leaked, use Have I Been Pwned.

For security reasons, you should also change your passwords. They were not leaked, since none was entered when you bought a Ledger key, but a little computer hygiene does not hurt, especially after an attack of this magnitude. Remember to use a complex password, with many alphanumeric and special characters, and a different one on each platform.

Then, the second doorway could be your phone number. You probably entered it when you ordered your Ledger key, and its leak could be a problem, especially if you use two-factor authentication by SMS. The main reason is SIM swapping, which consists in getting your phone number moved onto another SIM card using very simple information: surname, first name, address and sometimes date of birth.

If you use a 2FA generator linked to the leaked phone number or email address, the problem is the same. Remember to change this setting in the security area of every account that uses these same details. And cast a wide net: banking, professional or other accounts, anything that could be tied to this number. Changing your phone number may be an option for some people.

In any case, do not click on links that you receive by SMS or email. They will most likely be phishing attempts aimed at stealing your private keys. As a reminder, Ledger states that your cryptocurrency is not in danger.

Despite the July data leakage, your crypto-assets are safe. Although sincerely regrettable, this leak only concerns data related to e-commerce. It has no impact on your portfolios, the Ledger Live application or your funds. https://t.co/K0M65DQCOl

– Pascal Gauthier (@_pgauthier) December 21, 2020

Another way to secure your funds would be to use hardware 2FA keys such as a YubiKey. These keys, which communicate with your wallet via NFC or USB port, provide an additional identification factor.

Finally, for your home address, it's more complicated. Some people feel unsafe, which is understandable. Having all this data in the wild is hardly reassuring. Burglary remains an extreme case, as does kidnapping. According to our information, purchases made via external resellers such as Amazon are not affected by this data leak.

As far as Ledger is concerned, they have announced that they have thoroughly reviewed their security since last summer’s attack.