Deeper Look into the Million Ledger Breached Data

And Yes, it’s disastrous. Impacting Governments, Banks, VC’s, and more.


This article may save your crypto assets!

  • Check to see if you are impacted (very likely!) by the massive Ledger data breach! https://ledgerhack.anchainai.com/

  • If your organization is mentioned, Contact AnChain.AI for more details.


What happened?

Breaking news as of this December, 2020: Popular cryptocurrency hardware wallets, Ledger, had their eCommerce database hacked in June of 2020. Now we are seeing massive customer personal information leaks, including over 1 million emails, and 272,000+ personal information leaks, including shipping addresses, phone numbers.


Check here to see if your personal information was leaked in this attack.


Similar to the Equifax hack in 2017 that exposed over 100 Millions US household privacy data, the 2020 Ledger data breach has impacted the global cryptocurrency community. Equifax data breach was believed to be the wake up call of data privacy regulations such as GDPR (General Data Protection Regulation, enforced in EU), and the recent CCPA (California Consumer Privacy Act). Would Ledger violate these data privacy laws?


AnChain.AI feels the responsibility to raise public awareness on the upcoming fraud and cyber-crimes. As a leading blockchain cybersecurity company, our threat intelligence depicts the impact is actually underestimated at this moment. This concerns us on a personal level as well. We have employees, investors, friends and families that are impacted by this massive data breach.


How bad is the Ledger data breach !?

Pretty bad. It is probably the largest cryptocurrency customer data breach in history. It impacts over 1 million global Ledger customers, in the following sectors: blockchain, banking, venture capitals, governments, universities, and many individuals. It also shows a massive global impact across America, Europe and APAC.


The breached Ledger customers’ privacy data include: emails, names, physical addresses, phone numbers. Sample Ledger breached data as below indicates these organizations are impacted:


US Department of Justice, Homeland Security, Brazil and Singapore government, JP Morgan Chase bank, UC Berkeley, Stanford, and more.

Sample records from Ledger data breach: US Department of Justice, Homeland Security, Brazil and Singapore government, JP Morgan Chase bank, UC Berkeley, Stanford, and more.


Most Ledger customers in this breach are from the USA (39%), Germany(10%), UK(9%), and many European and Asian countries. It would be interesting to see how data privacy regulations such GDPR (Europe), CCPA (USA) will react to this data breach.



Who exactly are impacted?

AnChain.AI data scientists had a deep dive into the massive breached data. With a bit of NLP and Python scripting, we analyzed all email domains and revealed these organizations are being impacted.



Surprisingly, Ledger’s customer base is quite extensive, including the traditional industries that are remotely related to cryptocurrencies such as: large banks, consulting firms and governments, are also exposed.

  • 18 Venture Capital funds: A16z, SIG, Index Venture, BVP, Sequoia, Founders...

  • 32 Banks: JP Morgan Chase, Goldman Sachs, Bank of America, Wells Fargo, HSBC …

  • 70 Blockchain companies: Ripple, Coinbase, Binance, Kraken, Chainalysis, Bittrex, …

  • 78 Consulting firms: Accenture, Deloitt, PWC, EY, …

  • 87 Internet / High tech companies: Tesla, Amazon, Facebook, Apple, Microsoft, Google, Salesforce, Disney...

  • 157 Government agencies: DOJ, IRS, Singapore, Brazil, …

  • 278 Universities: Cornell, Berkeley, Stanford, MIT, Harvard, …


Interestingly, Tesla employees’ emails in Ledger customer database? Hope he spoke to Elon Musk. 😆


The full breakdown on the industry sectors that are impacted.






While the majority, about 850,000 breached emails, are possibly retail customers that use personal email such as Gmail, Hotmail, Yahoo, Mail.ru, etc.

What should you do ?


Ledger data breach indeed is a disastrous cybersecurity incident in cryptocurrency history. We hope this will urge the industry to revisit their data security and privacy, and make sure customers’ data are as SAFU as their crypto assets.


The next 4 steps:


1, First, you should check if you are impacted: https://ledgerhack.anchainai.com/


2, Understand the risk: Ledger data breach only involves their eCommerce website, NOT their hardware wallets. Your crypto assets in Ledger wallet are AS SECURE AS BEFORE.


3, Expect more targeted phishing attacks from various attack vectors: phishing email, phone SIM swap attack and more. We prepared a detailed guide on how to recognize them, and secure yourself in this massive data breach.

https://www.anchain.ai/post/ledger-data-breach-cryptocurrency-survival-guide


4, If your organization is mentioned, Contact AnChain.AI cybersecurity expert team for more details: Info@AnChain.AI

Attachment: Companies that are impacted by Ledger Data Breach 2020.


Attachment:

# Companies that are impacted by Ledger Data Breach 2020.

# AnChain.AI , 2020/12