Crypto hardware wallet manufacturer Ledger has experienced a data breach in which email addresses and other data of 1 million customers were stolen.
The attack occurred on June 25, but the Ledger team was made aware of the incident on July 14 when a researcher participating in Ledger’s bounty program discovered the data breach.
According to the official announcement, “an unauthorized third party had access to a portion of our e-commerce and marketing database through an API Key.” The API key has been deactivated and is no longer accessible, the crypto hardware wallet company informed.
The attackers gained access to the e-commerce and marketing database and then stole email addresses of 1 million customers as well as the first and last name, postal address, phone number, and ordered products of 9,500 customers. However, the company assured that no payment information or digital currency private keys were compromised in the attack.
The company has warned its users to look out for phishing scams in the near future. The attackers may use the data they obtained to solicit customers and try to obtain access to their digital currency wallets, the company informed.