Ledger Users Targeted in Phishing Scam Following Global-e Data Breach

Cybercriminals have reportedly launched a focused phishing marketing campaign utilizing a faux merger between cryptocurrency {hardware} pockets producers Ledger and Trezor.

This follows a latest knowledge leak at Ledger’s third-party e-commerce accomplice, Global-e.

Details of the Phishing Scam

On January 5, Ledger disclosed to its clients through e mail that Global-e had suffered a knowledge breach, exposing buyer data, together with names, e mail addresses, cellphone numbers, and order particulars. Shortly after the incident was made public, affected customers started receiving phishing emails falsely claiming that the 2 corporations had merged. Screenshots of the faux communications have since been shared on X.

“We are happy to announce that after months of strategic discussions, Ledger and Trezor have finalized a merger settlement. This landmark partnership unites two business leaders with a shared imaginative and prescient of offering the very best customary of safety for digital asset administration,” read the message.

The e mail additional acknowledged that the choice would permit the 2 companies to speed up innovation, broaden their product choices, and proceed their dedication to defending purchasers’ property. Recipients had been additionally instructed to “migrate” their wallets by coming into their 24-word restoration phrases on a faux web site designed to imitate official branding.

In response to the assault, Global-e has reportedly launched an inside investigation into the hack and is working with cybersecurity specialists to evaluate the scope of the incident. Meanwhile, the corporate has not disclosed the precise variety of affected customers however confirmed that the breach was restricted to contact and order data.

Ledger has additionally reportedly notified related knowledge safety authorities and is cooperating with regulation enforcement companies.

A History of Data Breaches

This episode is just not the primary time Ledger has been concerned in such a scandal. In 2020, attackers additionally accessed its e-commerce and advertising and marketing databases, exposing the private data of tons of of 1000’s of customers.

The disclosed knowledge included e mail addresses, names, cellphone numbers, and bodily addresses, with affected customers later reporting receiving phishing emails and threats. At the time, the pockets producer confronted public criticism for its delayed disclosure and insufficient safeguards, which resulted in a proper lawsuit being filed in opposition to it and Shopify.

The firm later confirmed {that a} rogue Shopify worker was answerable for leaking the private particulars of roughly 20,000 clients. This was adopted by a separate assault later that yr, in which the information of about 292,000 clients was revealed on-line.

More not too long ago, the agency suffered one other safety incident, ensuing in the theft of roughly $600,000 in cryptocurrency after a pockets drainer was inserted right into a library utilized by a number of decentralized functions to connect with their units.

The publish Ledger Users Targeted in Phishing Scam Following Global-e Data Breach appeared first on CryptoPotato.