Ledger customers’ data has been leaked yet again, putting the state-of-the-art hardware wallet company into another compromising position.
Ledger announced on Twitter that it has been targeted by rogue Shopify team members who exported over 200 merchants’ customer databases in April and June of 2020. 292,000 customers have been affected, and Ledger says that while 93% of the leaked data is similar to the previous hack, around 20,000 new customers have been compromised.
“We have directly contacted the concerned users to inform them about this,” Ledger wrote.
According to Ledger, while the Shopify hack was initially exposed back in September, Shopify failed to notify them that they had been targeted until late December. That was around the same time that Ledger was dealing with fallout from the first hack—an unrelated database breach which resulted in 272,000 customer records, including names, addresses, phone numbers, and over 1 million email addresses, being made publicly available.
Ledger has posted a detailed update on their website outlining new security measures it plans to take against future breaches. These measures include deleting personal data related to purchases within shorter timeframes, limiting security and technical information to their first-party Ledger Live app, and seeking legal action against the leakers. Ledger also emphasizes that customers should never give their 24-word recovery phrase out to anyone.
While funds secured by Ledger wallets have remained safe from hacks, customer data leaks are especially glaring to see from a company that specializes in security hardware. Needless to say, Ledger customers should remain extra careful of potential phishing scams for the foreseeable future.