6 Ways to Face the Data Breach

2020-12-23 19:48

As you probably know, Ledger was a victim of an e-commerce data breach during the summer. A significant amount of our users’ data was leaked.

On December 20th we were alerted of the dump of the contents of a Ledger customer database on Raidforum (a hackers’ community board). Consequently, there are ongoing new waves of phishing attacks threatening our users. 

To the users affected by the breach, we know what you are going through, and as frightening as it may be, we urge you not to panic. We deeply regret this situation, and have put in place procedures to face it. 

Here are 6 ways to face the data breach:

1- Stay calm

Scammers play on your fear to make you act rashly, stay calm, don’t panic, and never act under pressure.

When you react stressfully, you can make mistakes. So if you are changing your password, email or backing up your device, take your time to make sure that you are doing everything correctly. 

Most importantly, your funds are safe, as long as they are stored offline. Hardware wallets are the most secure way to store your assets. Transferring your funds out to an exchange, or a software wallet, will make you more vulnerable. 

Ledger products provide the best security for your crypto, the data breach under no circumstances affects the security of your device. All you need to do is make sure that your Nano and recovery phrase are kept in separate, safe locations.

2- Never share your 24 words

As previously mentioned, this data breach is not linked to our hardware wallets nor Ledger Live security, so your crypto assets are safe. Therefore, attackers cannot steal your sensitive information like recovery phrases and private keys unless you give it to them. 

You should know that you are the only one in control of this information and its access. Please exercise caution, always be mindful of phishing attempts by malicious scammers. Do not give your 24 words to anyone. We will never ask you for the 24 words of your recovery phrase, not even in Ledger Live. Ledger will never contact you via text messages or phone call.

We invite you to familiarize yourself with the anatomy of these ongoing phishing campaigns and report any attempt you experience on this dedicated page.

Ledger has sent two different emails detailing the implications of the data breach to those concerned. The first was addressed to the one million users who only got their emails leaked, the second to the remaining users with more compromised data. 

If you think that you are affected and did not receive an email from us, please head to https://haveibeenpwned.com/ to find out if you were compromised elsewhere and take measures if necessary.

3- Strengthen your access security

If your email address has been compromised in the breach, we recommend you change the associated password. When choosing a new password, use multiple types of characters, capitalization and symbols to enhance security. 

Moreover, we strongly advise you to add a two-factor authentication, also known as 2FA. This method grants you access to your email or any other platform only after successfully presenting two pieces of evidence (your initial password plus another factor) to an authentication mechanism. This can be a code sent via SMS, a notification on your mobile device, or a randomly generated password via a dedicated app. 

We do not recommend you use 2FA via SMS because of the sim swapping risk it entails. Use applications such as Google Authenticator, FreeOTP (an open source solution) or a physical key. You can utilize your Ledger device to secure your accounts with a 2FA. Here is a complete tutorial on how to do it. 

Finally, for maximum security you can consider changing your email address, all while applying the above-mentioned measures.

4- Never pay ransom

Sadly, scammers have reached a new low, we were appalled to find out that some of you are being personally threatened. Being a victim of physical threats can be dreadful and stressful. 

But please know that, scammers will try to make the least possible effort to steal money. Phishing attacks enable them to easily target a high number of customers without the risks associated to physical contact. The database has been out since June and no-one has ever reported any attack of this sort.

If you store large amounts of cryptocurrency on your device, we advise you to keep it away from your home in a secure and hardly accessible location. Just as you wouldn’t keep millions in cash at home. 
We urge you to never pay any ransom. If you fear for your physical safety and believe you are in danger, make sure to contact your local authorities right away.

5- Plausible deniability

In case you are worried of being subjected to extortion, you can add another layer of protection and resilience to your 24-words recovery phrase by adding a second back up (also called passphrase) on your Ledger device. 

This results in having two recovery phrases: one will unlock the normal set of accounts, the second one will generate a new seed and will unlock an alternative set of accounts with another set of private keys and addresses, as explained here.

Therefore, if ever you were asked under pressure to “open and empty your hardware wallet”, you could use the first code, showing the account with minimal assets. Therefore, limiting financial damage on your side.

6- Distributed backups

To avoid being subject to the horror of a home jacking, or if you just can’t find a place secure enough for your backup, you may want to have the possibility of splitting your backup in different locations. You could split your 24 words in three groups of 8 and distribute them among three places, but then you would increase the risk of loss or destruction of your backup (if one piece goes missing, it’s game over).

A better alternative would be to split your backup in three, but only needing access to two pieces to recover access.

This is quite low tech and easy to understand.

Let’s say your recovery phrase is “A B C” (only three words are necessary in our example). Then you create three pieces of papers: “A B _”, “A _ C” and “_ B C”. By taking any two pieces, you are sure to recover the full “A B C” phrase.

You can follow this online guide for more information about how to do it for your 24 words recovery phrase.

Last but not least

This is a difficult time for us all. To those of you who stood by us, we thank you. And to every Ledger customer, please trust that we are working around the clock to make sure this never happens again, we promise to do everything possible to be worthy of your trust. 

We are in this together, and Ledger will come out of this to provide you with a better, stronger, and more secure experience. 

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Streamr DATAcoin (DATA) на Currencies.ru

$ 0.0438551 (-0.76%)
Объем 24H $19.038m
Изменеия 24h: -3.33 %, 7d: -23.95 %
Cегодня L: $0.0435031 - H: $0.0483213
Капитализация $47.938m Rank 661
Цена в час новости $ 0.0393038 (11.58%)

data breach face ways

data breach → Результатов: 126


Bankrupt Bitcoin ATM Firm Coin Cloud Suffers Data Breach: 300,000 Customers’ Sensitive Info Stolen

The crypto world is facing a new security challenge as Coin Cloud, a prominent Bitcoin ATM operator, recently became the target of a significant data breach. This incident comes at a challenging time for the company, which filed for bankruptcy earlier this year amid the crypto market downturn and the fallout from the FTX collapse. […]

2023-11-13 21:00


218M ‘Words with Friends’ players’ data reportedly stolen in Zynga hack

Popular social game developer Zynga has reportedly become the latest victim of a massive data breach impacting some 218 million Words with Friends accounts. On September 12, the company disclosed that “certain player account information may have been illegally accessed by outside hackers,” but didn’t disclose any details about the scope of the breach and the number of players who may have had their information stolen.

2019-10-1 09:40


Cybersecurity vendor that protects firms from data breaches hit by data breach

You know it’s a bad day for cybersecurity when a leading provider of internet firewall services that helps safeguard websites from malicious attacks suffers from a security breach of its own. Imperva, a popular California-based security vendor, disclosed that data belonging to an unspecified subset of users of its cloud firewall product was exposed online.

2019-8-28 14:58


Can We Trust Libra After Facebook $5 Billion Fine For Abusing Users’ Privacy?

Watch Will’s analysis on how, after the endless scandals and mishandling our data, Facebook will now have to pay the price of $5 Billion to FTC for the privacy breach, and can we still bet on Libra? If the video doesn’t load, click on the direct link to the video: Facebook $5 Billion FTC Fine […] The post Can We Trust Libra After Facebook $5 Billion Fine For Abusing Users’ Privacy? appeared first on CCN Markets

2019-7-27 14:39


Фото:

Crypto Lending Platform YouHodler Exposes Millions of Privacy Records

Cryptocurrency lending platform YouHodler exposed privacy data, including crypto wallet addresses, from thousands of its cryptocurrency users, vpnMonitor reports. Data breach Is Severe with Widespread Implications vpnMentor and a team led by data scientists Noam Rotem and Ran Locar discovered a significant cryptocurrency data breach affecting 86 million records.

2019-7-25 08:35


Storecoin brings tokenized data to the masses, announces latest milestone-based token offering

With every policy shift, every deplatforming, and every data breach, our faith in Big Tech decreases. In Washington, the drums of anti-trust beat ever louder. But what consumers truly want isn’t necessarily a break up of today’s tech companies: they […] The post Storecoin brings tokenized data to the masses, announces latest milestone-based token offering appeared first on CoinMarketCap.

2019-6-21 15:00


Quest Patient Data Exposed: Could the Blockchain Have Prevented It?

By CCN: A major data breach has rocked Quest Diagnostics, exposing the personal details of nearly 12 million patients in the process. The incident, which was reported in a public filing, occurred on May 14 after centralized third-party billing company American Medical Collection Agency (AMCA) informed the diagnostic testing company about “potential unauthorized activity” on a “web payment page.

2019-6-4 01:15


Data Breach Report From Instagram Raises Concerns About Upcoming Facebook’s Digital Currency

Facebook, the most popular social network in the world, has been affected by different data leaks over the last years. This has harmed users and individuals that had data stored on their platform. Now, the security researcher Anurag Sen discovered that there was a public Amazon Web Services (AWS) database that had the information of […]

2019-5-21 18:33


Verizon Security Research: Over 20% Of Data Breaches Thought to Be Carried Out By Nation State Actors

Verizon’s 2019 Data Breach Investigations Report (DBIR), released Wednesday, which analyzed more than 41,000 cybersecurity incidents and over 2,000 data breaches from 86 countries. It found that cyber attacks by nation states and parties affiliated with them represented 23% of data breaches, up from 12% in 2018 and 19% in 2017, Corporate spying is on […]

2019-5-9 19:16


How Blockchain Can Solve Modern Identity Theft Crisis and Be a Core Reason for “No More ID Theft”

Identity theft is a major worry for many people today. This was compounded by the Equifax breach that leaked the data of over 140 million Americans. The data in that breach included information such as addresses and social security numbers in addition to names and phone numbers. It was a nightmare scenario and there has […]

2019-4-10 19:41


Фото:

Lazarus Hacker Group Continues to Target Crypto Using Faked Trading Software

This article was originally published by 8btc and written by Lylian Tang. The Chinese security service provider 360 Security has issued a warning that a large number of crypto exchanges have been targeted by the North Korean hacker group Lazarus and that the number is still rising after the recent hacks of crypto exchanges DragonEx, Etbox and BiKi.

2019-4-2 21:54