In July 2020, the database of Ledger got compromised. According to Ledger, known for their hardware wallets, personal information of approximately ten thousand customers got hacked. Two days ago, Ledger published that the damage was more severe than they thought as the personal information of 270.000 customers was targeted.

Personal information

The hacker made the data publicly on Raidforum, an online forum dedicated to buying and selling ‘hacked’ information. User Burgulema111 mentioned that he had over one million email addresses which he got from the Ledger newsletter subscription and data regarding 272.853 order transactions. This data contains email addresses, home addresses and phone numbers.

Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.

— Ledger (@Ledger) December 20, 2020

Now what?

We advise everyone that has purchased a Ledger hardware wallet to check out the website: https://haveibeenpwned.com/

Here you can enter your email address and check whether your data was compromised in the hack. In addition, you can see other events or occurrences where your data was hacked. Now that hackers got hold of the information, phishing mails are already being sent to Ledger customers. Do not fall for these phishing emails and never ever share your 24 recovery phrase! Although they might seem like official communication from Ledger, the company would never ask for your PIN code or recovery phrase through email.

MOST IMPORTANTLY: Never share the 24 words of your recovery phrase with anyone, even if they are pretending to be a representative of Ledger. Ledger will never ask you for them. Ledger will never contact you via text messages or phone call.

— Ledger (@Ledger) December 20, 2020