makeorbrake wrote: » Not true? Are you saying that you have been getting ledger phishing emails yet you're not on the breach list?Here's a better link - that will show all the data that has been exposed.
td2008 wrote: » Once you have the private key it doesn't matter if the drive itself fails.
Elessar wrote: » No I'm just saying that if your email is on the list, it doesn't necessarily mean your name, address and phone number are on it.
makeorbrake wrote: » Input your email address here and that will confirm if you're part of the breach. If you've been getting those emails, you almost certainly are. That means the physical address, email address, your name and phone number provided are all exposed. Aside from phishing emails, anyone on that list could be subject to a $5 wrench attack or sim swapping. Some have suggested that their data was compromised despite having requested that ledger delete their data. I hope that the company get nailed to the cross under GDPR. The company claimed that only a fraction of their database had been hacked. It's possible that this action alone led the hackers to make this data available to anyone. In the longer run, it's probably for the best though - as it highlights to all of us that if you submit data to a third party, there's every chance that data will be compromised. Probably best to assume that from the outset.
makeorbrake wrote: » Here's a better link - that will show all the data that has been exposed.
donnaille wrote: » I'm in the email list, but I'm not in the customer details database, even though I bought a Ledger in the period that data was stolen.
unkel wrote: » So what's the added value of the drive then?
makeorbrake wrote: » Interesting - lucky you!
donnaille wrote: » Luckily I've moved from the address (and country from the time) in any case, but main point is that you may get the phishing emails from being on the mailing lists alone.
unkel wrote: » LOL, all revenue commissioners in all countries in the world have taken a copy of that Get yourselves ready for a sweet wee audit...
stockshares wrote: » Would I have to contact ledger to see if home address was included?
stockshares wrote: » How do people handle their accounts and signups after these breaches? Do you have to change your email address with every company or site that has it?
makeorbrake wrote: » I've also moved - but in theory I'd have exposure to a sim swapping attack.
unkel wrote: » I always had grave concerns about those ledgers. Not only from a security point of view, but also from a reliability point of view. Solid state media is extremely vulnerable to failure. That's why I never bought one.
stockshares wrote: » Pwned says my email was included but it didn't show in the 2nd link. Would I have to contact ledger to see if home address was included? How do people handle their accounts and signups after these breaches? Do you have to change your email address with every company or site that has it? Edit:I also want to apologise to people here for recommending Ledgers during the Black Friday Sale. I had no idea that buying them could lead to Home Address and Account details being exposed.
LedgerSuck wrote: » Fair play. It's really weird but so many people on r/cryptocurrency are defending them and still recommending them
makeorbrake wrote: » Don't believe the info they provide you with if you do. I'm reading reports on crypto-twitter of guys having done so and Ledger confirming that only their email was exposed (when the subsequent dump revealed that other data was exposed). If it's not in the raw data then I guess it's not there...although its weird that Pwned confirmed that its included. Double check it.
makeorbrake wrote: » It would be best to have a unique email address for each exchange sign up and for stuff like this. It's a lot of work - but its better opsec. Also a voip number rather than regular mobile number so you can't get sim swapped.
donnaille wrote: » There are over 1mn. email addresses included in the email list file and 273k customer details on the orders extract - so there is a chance your address does not appear (at least not in the dataset that is currently circulating).
makeorbrake wrote: » Hmm...can't really defend this. This is not like any other breach. This data is a far greater honeypot than your typical breach given what's involved. Ledger's screw up here is symptomatic of a sector that has to become far more professional.
RoboRat wrote: » Wow, Ledger really shot themselves in the foot. That's a massive data breach and it's not just email addresses. I can see them getting a substantial GDPR fine because this is a very serious case and risks someone getting physically robbed. I do wonder if the sites publishing the data, although doing it for the right reasons, also risk getting fined? Waaaaay too much info out there right now.
RoboRat wrote: » Wow, Ledger really shot themselves in the foot. That's a massive data breach and it's not just email addresses. I can see them getting a substantial GDPR fine because this is a very serious case and risks someone getting physically robbed.I do wonder if the sites publishing the data, although doing it for the right reasons, also risk getting fined? Waaaaay too much info out there right now.
stockshares wrote: » Edit: I also want to apologise to people here for recommending Ledgers during the Black Friday Sale. I had no idea that buying them could lead to Home Address and Account details being exposed.
stockshares wrote: » Can the orders extract be checked?
stockshares wrote: » Do I need to change this email address with every company Im signed up to?
stockshares wrote: » What are the right reasons?