Ledger CEO responded to the data leakage of 270,000 users: no compensation, no responsibility (www.blockcast.cc)

Ledger CEO Pascal Gauthier said that the company will not make any compensation to customers who accidentally leak personal data, and will invest time and money to build a new layer of security.

Recommended reading: ” Through 270,000 Ledger user information, I got the most hardcore cryptocurrency user portrait “

Original title: “270,000 user data leaked, CEO: no compensation, don’t take the threat seriously”
Written by: Tim Copeland
Translation: Nuclear Cola

On December 21, the hacker website Raidforums disclosed more than 1 million customer emails stolen from hardware wallet manufacturer Ledger. Ledger then stated that “it may indeed be the content of our e-commerce database in June 2020”. Ledger estimates that sensitive information such as the names, delivery addresses, and phone numbers of 270,000 users has been leaked online.

The network security website haveibeenpwned.com stated that 69% of the addresses in the database have been compromised since the initial hacking.

Ledger CEO: No compensation will be made

The encrypted wallet launched by Ledger can be connected to a computer to access encrypted currency accounts. The hacker’s initial target was the Ledger marketing and e-commerce database, which meant that only contact and order details were involved. No financial information, recovery statements or keys were exposed in the attack. Benoit Pellevoizin, Ledger’s vice president of marketing, warned that the leaked information could be used in phishing attacks to try to trick Ledger customers into handing over their private keys.

Ledger’s tweet emphasized that even if someone claims to be a Ledger employee, users should never share the key with anyone. The company has also set up a web page where users can report details of phishing attacks.

But the company’s attitude remains tough. Ledger CEO Pascal Gauthier said today that the company will not make any compensation to customers who accidentally leak their personal data.

Gauthier said in an interview, “Our company is too small to fully compensate millions of users. This is simply unrealistic. On the contrary, we can only focus on the future. Ledger is currently investing a lot of time and money in Build a new security layer and strive to bring more and safer products to users.”

According to related reports, the leakage of this batch of sensitive data has led to a further escalation of phishing attacks. Prior to this, there have been many phishing emails requiring Ledger users to download malicious links and submit private keys to steal their encrypted currency. Today, new emails remind users that their names and addresses have been stolen, so unless a ransom is paid, attackers may “visit” and steal cryptocurrency directly.

Gauthier pointed out, “This is just a common online scam designed to intimidate ordinary users. Attackers always use these tactics, but the real door-to-door operation is costly and unrealistic.”

Obviously, this executive is advising victims not to take the threat seriously.

“Even if there is such a possibility-although the possibility is very low and very low, you should not be too surprised. The database intrusion actually occurred in June this year, and so far there has been no report of related attacks.”

Gauthier argued that fraudsters have always attached great importance to cost, so they are more inclined to use a wide range of phishing attacks to reach a large number of customers, rather than selecting a small number of targeted attacks.

Gauthier mentioned that customers do not need to rush to transfer. Of course, customers should not leave the private key in their own home, especially considering the fact that the private key corresponds to a huge amount of encrypted currency. “Will you store millions of dollars in cash at home? If the amount reaches this level, you shouldn’t be so careless.” Ledger also recommends that users store their private keys in a safe location that other people cannot access.

At present, many Ledger users have publicly stated that they will file a class action lawsuit against Ledger. In response, Ledger responded that officials have been cooperating with law enforcement agencies to prosecute hackers and stop some scammers.

In addition, Reddit user “u/relephants” stated that some Ledger users who were victims of the information leak in June have received threatening emails asking them to pay $500, otherwise they will be at risk of personal attacks.

The responsibility is not on Ledger?

Gauthier may not have been attacked in his own home, but Casa CTO Jameson Lopp has a say in personal safety issues. In 2017, he was beaten by special police at home. After that, he spent a lot of time and energy to hide his tracks, and even spent $5,000 to hire a private investigator to see if the other party could track him (the result was that he could not be tracked).

Lopp said in an interview, “hacking is inevitable. In essence, information is free, and all service platforms that store a large amount of information have experienced such problems, especially valuable personally identifiable information. We also It is impossible to expect the identity breach to disappear completely overnight.”

Lopp emphasized that companies should try to delete such data as much as possible (this work may be difficult to implement under the impact of European GDPR regulations).

Regarding threatening phishing attacks, he believes that “most of them are really just verbal threats and will not be put into actual action.”

But he also mentioned that fraudsters may indeed launch such attacks on some important targets. The risk of door-to-door theft is very high, so the attacker will first conduct a large number of investigations and collect evidence to understand which customers own luxury cars.

Lopp said, “But this may indeed become a catalyst or turning point for a new wave of physical attacks. In the future, perhaps more people will begin to pay attention to their private information.”

He also added that affected customers should weigh their actual situation and decide what measures to take to protect their identity data. “In short, if most of your assets are carried in encrypted currency, and you are protecting these assets in a way that is vulnerable to physical attacks, then you can easily suffer losses. Once the private key is leaked, it only takes a few clicks Button, you can forcibly transfer most or all of your wealth.”

He also suggested that customers who meet the above-mentioned situation should pay more attention to personal safety. After all, the theft is indeed possible.

Lopp pointed out that customers really should not blame Ledger for hacking. When you use it, you should use your email or even your business address to enhance your privacy, but since you use your real address, you should take responsibility for it.

“So it’s really ridiculous that people ask for refunds. Ledger’s products are okay. As far as we know, these products are still safe and reliable. It’s the people who use these products that have the problem. It’s completely different things.” Lopp said.

Source link: decrypt.co