{"id":30680,"date":"2020-10-26T09:43:14","date_gmt":"2020-10-26T07:43:14","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=30680"},"modified":"2025-08-27T23:31:42","modified_gmt":"2025-08-27T20:31:42","slug":"ledger-users-report-mass-phishing-attack","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/ledger-users-report-mass-phishing-attack\/","title":{"rendered":"Ledger users report mass phishing attack"},"content":{"rendered":"<p>Ledger hardware wallet users reported receiving phishing emails offering an urgent update.<!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Half-awake on a Sunday morning\u2026 I almost fell for this <a href=\"https:\/\/twitter.com\/Ledger?ref_src=twsrc%5Etfw\">@Ledger<\/a> scam email. Scams are getting more convincing. Always check Twitter before you take action on an email like this. A breach like this would be major news. <a href=\"https:\/\/t.co\/wucK2j9cNc\">pic.twitter.com\/wucK2j9cNc<\/a><\/p>\n<p>\u2014 Chris Blec (@ChrisBlec) <a href=\"https:\/\/twitter.com\/ChrisBlec\/status\/1320344608874942464?ref_src=twsrc%5Etfw\">October 25, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In their letter, attackers claim that on October 24 Ledger&#8217;s team allegedly detected malware infection on Ledger Live servers affecting about 85,000 customers.<\/p>\n<blockquote>\n<p>&#8220;Your address was among those affected by the breach. We believe there is a risk of theft of your cryptocurrency assets. To protect them, download the latest version of Ledger Live and follow the instructions to set a new PIN for your wallet,&#8221; the letter states.<\/p>\n<\/blockquote>\n<p>User Chris Blec noted that he received the letter at the email address he used to purchase Ledger goods. He later linked the phishing campaign to the Ledger user data leak in the summer of 2020.<\/p>\n<p>Other Ledger hardware wallet owners also received the messages:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">This is actually the most professional phishing attempt I\u2019ve seen which wasn\u2019t really spearphishing, and actually fooled me (into zero cost response of investigating, not clicking). Congrats! <a href=\"https:\/\/t.co\/ke9ErC5yUk\">pic.twitter.com\/ke9ErC5yUk<\/a><\/p>\n<p>\u2014 Ryan Lackey (@octal) <a href=\"https:\/\/twitter.com\/octal\/status\/1320214747732537347?ref_src=twsrc%5Etfw\">October 25, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\"><a href=\"https:\/\/twitter.com\/Ledger?ref_src=twsrc%5Etfw\">@Ledger<\/a> I have fishing emails.<br \/>\nCan you maybe track the IP address if they used a know email provider?<br \/>\nMaybe you can track them down?!<\/p>\n<p>\u2014 Mr. Nobody \ud83c\uddf3\ud83c\uddf1 (@MrNobod79977306) <a href=\"https:\/\/twitter.com\/MrNobod79977306\/status\/1320473903945449473?ref_src=twsrc%5Etfw\">October 25, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">I received two extremely well crafted phishing emails this morning from what appeared to be <a href=\"https:\/\/t.co\/Jaigrm6R9g\">https:\/\/t.co\/Jaigrm6R9g<\/a>. The download pointed to ledgersupport dot io server from which to download app, in Panama\u2026 <a href=\"https:\/\/twitter.com\/Ledger_Support?ref_src=twsrc%5Etfw\">@Ledger_Support<\/a><br \/>\nIs this related to the email leak in June? <a href=\"https:\/\/t.co\/Out37DMv9s\">https:\/\/t.co\/Out37DMv9s<\/a><\/p>\n<p>\u2014 Philippe Tarbouriech (@phitar) <a href=\"https:\/\/twitter.com\/phitar\/status\/1320270337293111296?ref_src=twsrc%5Etfw\">October 25, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\"><a href=\"https:\/\/twitter.com\/Ledger?ref_src=twsrc%5Etfw\">@Ledger<\/a> I have fishing emails.<br \/>\nCan you maybe track the IP address if they used a know email provider?<br \/>\nMaybe you can track them down?!<\/p>\n<p>\u2014 Mr. Nobody \ud83c\uddf3\ud83c\uddf1 (@MrNobod79977306) <a href=\"https:\/\/twitter.com\/MrNobod79977306\/status\/1320473903945449473?ref_src=twsrc%5Etfw\">October 25, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier in July, unknown attackers gained access to a database containing email and postal addresses, names, phone numbers and information about products purchased from the company, through a vulnerability in Ledger&#8217;s API key.<\/p>\n<p>Developers <a href=\"https:\/\/u1f987.com\/en\/news\/ledger-reports-data-breach-affecting-around-one-million-users\">confirmed<\/a> a data breach affecting around one million users, but assured that payments data, bank card information and cryptocurrency account details were not compromised.<\/p>\n<p>Subscribe to ForkLog news on Telegram: <a href=\"https:\/\/t.me\/forklogfeed\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog Feed<\/a> \u2014 the full news feed, <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog<\/a> \u2014 the most important news and polls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ledger hardware wallet users reported receiving phishing emails offering an urgent update.<\/p>\n","protected":false},"author":1,"featured_media":30681,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1640],"class_list":["post-30680","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-ledger"],"aioseo_notices":[],"amp_enabled":true,"views":"21","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/30680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=30680"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/30680\/revisions"}],"predecessor-version":[{"id":30682,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/30680\/revisions\/30682"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/30681"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=30680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=30680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=30680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}