After the great controversy generated by the leak of Ledger users' data on the Internet, the company is announcing a new security plan that, this time, will guarantee their protection.

According to Ledger's new head of security, Matt Johnson, who joined the company in mid-December, the company is now prepared to launch new security measures that will allow it to reinforce the protection of its users' and clients' data and avoid future attacks and leaks such as the one that occurred between June and July 2020. This data leak, which affected Ledger's marketing and e-commerce databases, exposed personal and private information of more than 1 million of the company's users, who have been heavily affected by phishing attacks in which cybercriminals try to trick them into giving up their cryptocurrencies.

The situation has worsened for many of those affected in recent weeks, since one of the hackers made the user information public on the Internet, unleashing a wave of new phishing and extortion attacks. Victims complain of receiving up to 15 emails and text messages a day with constant threats meant to make them hand over part of their holdings in Bitcoin and other cryptocurrencies. Andreas Antonopoulos, the renowned Bitcoin evangelist, called for calm about the situation on his YouTube channel, stating that a large part of these attacks only try to instill fear in the victims and that at no time were user funds affected. Even so, there is a lot of annoyance, anger and discomfort among those affected.

To compensate for this, the company committed to addressing the data breach and designing a security plan to ensure that a similar situation does not occur again in the future.


The new security plans

Ledger began its plan by recalling that its hardware wallets are the only independently certified ones on the market. It is also worth mentioning that the company's data leak only affected users' personal information, not their devices or their crypto assets. The company also reminded users that at no time, and under no circumstances, should they hand over their personal information, recovery keywords or private keys. It emphasizes that as long as this data is not shared, the funds will always remain safe within the devices. The company also stated that it is developing a new, innovative product intended to guarantee the safety of its users. Among the possibilities of this product is protecting users' balances even if they have shared their keywords by accident.

A shift in data storage

Likewise, the company notes that it will change the way it collects and manages customer data. For example, Ledger will keep the personal data of users and customers for the shortest time legally possible. It will also minimize the display of personal data in emails as much as possible and move the necessary data to a more segregated environment as soon as possible. In addition, it will create a secure channel for effective communication and messaging through Ledger Live, which users will be able to use reliably.

“We aim to delete data such as name, address and telephone number as quickly as possible, even if we could keep it under the GDPR.”

The chief security officer also noted that the company will go beyond the privacy standards established and required by the European Union's General Data Protection Regulation. Ledger will also delete data from its e-commerce partner Spotify, and stated that it will move this data to a database that cannot be accessed from the Internet.

Reward pool of up to 10 BTC

Finally, Ledger announced that it will allocate additional resources to establish a reward fund of up to 10 BTC, which will allow it to identify and prosecute those responsible for the cyberattack on its clients' data. The company believes that in this way it will be able to obtain information that will lead to a successful arrest and prosecution of those responsible. 

More users affected through Spotify

In addition to the estimated 1 million users the company confirmed as being affected by the direct breach of Ledger's marketing and e-commerce databases, the company revealed that another 20,000 users were affected through the data breach that occurred on Spotify.

The music streaming platform detected a security breach at the end of September 2020. Although the accounts of more than 300,000 users were reset when the security vulnerability was detected, malicious actors managed to leak a large amount of data, including information on 20,000 new Ledger users, Johnson reports. This information includes emails, names, postal addresses and telephone numbers, as well as the detailed order history, with the names and descriptions of the products ordered and even login credentials. This is, without a doubt, information that hackers can try to use to access other platforms on which users have the same credentials.

The CEO of Ledger, Pascal Gauthier, has told several media outlets that the company's own data leak could even have originated through its partner Spotify, since the leak this platform suffered, caused by dishonest members of its support team, could have given access to the transaction and product records of Ledger customers.

"Agents illegally exported customer transactional records in April and June 2020," noted Gauthier in a publication. 
