Hardware wallet brand Ledger has pushed a notification to its users alerting them about a data breach incident that has affected its third-party e-commerce payment processor, Global-e. The data breach attack on Global-e has led to the leak of the names and other private details of Global-e users, a portion of which also make for Ledger users.
Popular Web3 scam investigator who goes by the handle @zachxbt published a screenshot of Ledger’s correspondence on X.
“We retained independent forensic experts to conduct an investigation into the incident and were able to determine that some personal data including name and contact information were improperly accessed,” the mail said.
Ledger, since October 2023, has been using Global-e’s e-commerce solution to sell its products on its official website.
Source: shop.ledger.com
The response to this incident instantly amplified calls from the community for more secure places to store funds. Replying to one such comment under his post, Zachxbt said, “none of these hardware wallet companies can be trusted so it’s best to submit fake info when purchasing.”
As of now, the hardware wallet provider has not made any formal announcement regarding the leak. The extent of the breach also remains unclear.
Earlier this week, Ledger’s official X handle did claim that it stores users’ private keys offline — making crypto under management inaccessible for bad actors. As per its recent posts on X, the platform had been boasting of its security practices — only to have its user details potentially leaked because of a third-party payment process for e-commerce transactions.
Back in 2020, a data breach incident that had hit Shopify had exposed the private details of reportedly over 270,000 users, many of whom were Ledger users. Following this attack, multiple Ledger users had reportedly met with phishing attacks or attempts.
This is a developing story.