Just days after the personal information of Ledger customers was dumped on a hacker site called ‘Raidforum’, victims were being targeted by e-mail and SMS phishing campaigns. But the certain malicious entities have gone a bit too far as reports now suggest not just a spate of hacking and phishing attempts but even more distressing incidents especially for the ones who had their home addresses revealed.
In an alarming situation for the breach victims, details of kidnapping and murdering threats given by the attackers to victims have emerged. In the latest reddit thread, a Ledger user, whose personal details were compromised, claimed to have recoeved a phone call threatening kidnapping and murder. The attacker allegedly demanded 10 XMR by midnight and also threatened the victim of physical violence if the ransom is not paid.
“He demanded 10 XMR and said if it’s not sent by midnight, he will show up at my house, kidnap me, and “stab to death” any relatives living at my address. I was able to record this phone call as I put him on speaker phone.”
The Ledger situation gets worse and worse. If this doesn't apprise people of the danger of data over-collection (whether by public or private actors), I don't know what will. pic.twitter.com/bHxxXMj2jc
— Rafael Yakobi, Esq. (@Deliver8tor) December 22, 2020
While the Ledger customer did take the help of the local police, this breach has caused severe distress among the community members whose personal information were dumped on the site. Several users have reported phishing emails. Another user under the pseudonym ‘JimboChewdip’ reported a sim swapping incident which cost him $2k. The attacker was able to access the victim’s phone, thereby changing passwords on several platforms.
@ledger is hacked, and the next day I have my sim hacked! WTF. Its currently happening. No service on my phone, they got into authenticator app and are requesting password changes to several sites including @coinbase. #crypto Not even sure what to do.
— JimboChewdip (@jimbochewdip) December 22, 2020
Ledger CEO Pascal Gauthier had recently apologized for the event and clarified that the data breach has no link nor impact on its hardware wallets, the app or customer funds and concerns only e-commerce related information.
The exec further noted that the goal of the platform was to provide its customers with the best protection and security for their digital assets. However, he went on to confirm that the firm would not be providing any compensation for victims who had their home addresses revealed
That’s precisely Ledger’s mission: we continuously invest to improve security standards. That’s also why we won’t be refunding customers like some have suggested – instead, the best and most sincere thing we can offer is our dedication to being better and making these investments to continuously upgrade the security of the products we make available for you.