Credit: Original article published by Crypto Briefing Blog.

Last month, hackers made public data from Ledger’s e-commerce and marketing databases. Today, Ledger revealed the hacker’s connection to e-commerce giant Shopify.

Data Theft Led Rogue Employees at Shopify

This massive data dump included personal details belonging to approximately 272,000 customers of the hardware wallet company, including names, shipping addresses, and phone numbers.

Ledger initially reported that the breach was caused after an attacker had gained unauthorized access to its databases using a third party API key. New information reveals the attacker had links to Shopify.

In a recent blog, Ledger has now identified that the illegitimate access to its database had been made through Shopify. The crypto firm hired the popular e-commerce platform to manage sales-related operations. 

Through illegal access, two rogue employees at Shopify illegally exported customer transactional records for the months between April and June 2020, Ledger wrote. This data was later leaked on web forums and used for launching phishing attacks on thousands of customers. 

Working with forensic firm Orange Cyberdefense, Ledger has determined that 292,000 customers, 20,000 more than previously reported, have been affected.

Ledger has filed a complaint against the Shopify employees with the French public prosecutor. 

Tackling Ledger Phishing Campaigns

Despite more information on the attack vector, continued phishing attacks and ransom threats have plagued Ledger customers.

The company set aside a bounty fund of 10 BTC, nearly $300,000, to be paid to anyone that can provide information on those involved. Here is the Bitcoin wallet address.

The company is also working with Chainalysis to track cryptocurrency wallets used by phishing scammers and Corsearch to shut down existing phishing websites. The company has been successful in closing down 216 phishing sites. 

This article is strictly for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. CryptosOnline.com does not provide investment, tax, legal, business or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any loss or damage caused or alleged to be caused by, or in connection with, the use of or reliance on any content, goods, services or opinions mentioned in this article.

Categories:

Tags:

Comments are closed

Translate

Visit Our Other Websites

EdgyBranding.com - Premium Domain Names.

Notezi.com - Social Network

Dexize.com - Ultra-Priviate DEX.

ClassicAutomobile.org - Classic Automobile News.