
Why Ledger Kept All That Customer Data in the First Place

December 21, 2020


First, the good news, in a manner of speaking: Ledger customers can now see firsthand whether their personal information was exposed in the hack discovered in July.

Someone posted the complete lists of 1 million email addresses and 272,000 names, mailing addresses and phone numbers belonging to customers of the France-based maker of hardware cryptocurrency wallets. The latter list is a lot bigger than the number previously disclosed by Ledger (9,500). 

Ledger did not address the discrepancy in a tweet storm Sunday apologizing again for the breach. A spokesperson did not immediately respond to an email requesting comment.

“It is a massive understatement to say we sincerely regret this situation. We take privacy extremely seriously,” the company said. “Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation which will make Ledger even more secure.” Among other steps, Ledger has hired a new chief information security officer and taken down 170 phishing sites since the breach, it said.

There are at least three file-sharing sites, reminiscent of the golden age of MP3 blogs, where you can download the two lists. I will not post the links but it took just a few minutes searching Twitter to find them. 

If you do download the trove, please check for your own details, then delete it. If you keep the file, gawk at the names or gossip with friends about it, well, I’ll be very disappointed. 

Several of the email addresses in the data leak match those which received phishing emails from scammers seeking to defraud CoinDesk readers. 

As we reported in July, these scammers were copying legitimate CoinDesk newsletters, adding some fraudulent paragraphs and links about a crypto giveaway, and sending them to individuals who never signed up to receive CoinDesk emails to begin with. 

Casa CTO Jameson Lopp suggested in November that Ledger customers may have been targeted; today’s data dump would suggest that’s true. 


Bigger picture

The bad news: O.K., it’s not news but Sunday’s data dump serves as a sobering reminder that even a maker of hardware crypto wallets can become a honeypot of sensitive data.[1] The reason is partly the marketing imperatives of a startup, and partly legal and regulatory requirements.

In an FAQ posted in July, the company said an attacker had accessed part of its marketing database through a third party’s API key that had been misconfigured on Ledger’s website. 

As soon as the breach was discovered, the key was deactivated, Ledger said. But not in time to prevent the rascals from accessing the lists and, apparently, selling them to phishing artists. 

Why would a third party have an API key? The FAQ goes on to explain:

Ledger e-commerce and marketing teams use a third-party solution (Iterable) to send and analyze transactional and marketing emails to customers who have bought products on ledger.com or have signed up to receive our newsletters. … In accordance with our Privacy Policy, as a data controller, we may transmit some of your data to third parties such as payment service providers (PSPs) infrastructure, logistics, and other services providers, within applicable contractual and legal frameworks.

That covers the emails. What about all those mailing addresses, names and phone numbers? Why not purge those after shipping the goods? Back to the FAQ:

For legal reasons, we are obliged to store some transactional information relating to our customers’ contact details and their orders data. 

In accordance with the storage limitation principle set forth under applicable laws, we endeavor to retain data for no longer than the time required to comply with such legitimate and legal purposes, including satisfying any legal, accounting, tax, or other compliance reporting requirements. 

We may archive some of your personal data, with restricted access, for an additional period of time when it is strictly necessary for us to comply with our legal and/or regulatory archiving obligations and for the applicable statute of limitation periods. 

At the end of this additional period, your remaining personal data will be permanently erased or anonymized from our systems. If you purchased a product or a service from us, we may retain some transactional data attached to your Contact Details to comply with our legal, tax or accounting obligations for a maximum 10 years period set forth by French applicable laws, as well as to allow us to manage our rights (for example to assert our claims in Courts) during applicable French statutes of limitations. 

We also need to retain some of your personal data contained in this database, in order for us to answer your questions, to process potential claims, and to retain evidence for the criminal investigation.

In other words, sometimes companies’ hands are tied and they have to hold on to the toxic waste that is customer data even if they don’t want to. 

Take heart; there are ways to mitigate the risk of exposure even when ordering physical products, as CoinShares chief strategy officer Meltem Demirors noted on Twitter: 

[1] I’m using the term “honeypot” in the sense of “a valuable target for hackers,” not “a decoy site to trap them.”
