Our communications about the data breach and the phishing attempts
Since we discovered the data breach in July, we have been as open and transparent as possible and proactive in our communications to our customers. We sent an email to our whole database, approximately 1M people, on July 29th, yet only 40% opened this security notice.
The same day we communicated openly and proactively to the media: The Block, Decrypt, Capital… on social media (Twitter, Reddit and Facebook).
This data breach led to aggressive phishing attacks against our clients. We communicated heavily about it. First, we sent an email to our whole database on October 22nd; only 27% of people opened this email.
We wrote several blog articles, one on November 10th about what Ledger was doing against the scammers, another one where we deconstructed the attacks. On December 16th we launched a specific page sharing the anatomy of these phishing attacks so you can avoid falling for them and report any new attacks you receive. We are continuously working with law enforcement to prosecute hackers and stop these scammers. We have taken down more than 170 phishing websites since the original breach. We have notified the French data protection authority regarding the data breach and are working with other data protection authorities across the world. Our Customer Support team is working 24/7 to answer your questions.
On social media we warned our users about phishing attacks regularly, especially on Twitter:
⚠️ Please be reminded to only use Ledger’s official channels for any contact to prevent potential #phishing attempts — Ledger Support (@Ledger_Support) September 23, 2020
Fake accounts exist on social media sites (Twitter, Facebook, Telegram, Whatsapp)
On Twitter, our official pages are @Ledger and @Ledger_Support
Remember, your assets are safe if your 24-word recovery phrase is. We’ve come up with a short list of tips and tricks to help — we know it’s quite Phishy out there. (1/5) — Ledger (@Ledger) October 26, 2020
As there are currently phishing attempts going on, Ledger would like to remind you of a few safety tips to help you avoid such scams. Please take note of the following and remain vigilant. (1/5) — Ledger (@Ledger) October 29, 2020
Ledger is on the battlefield — we’re fighting against phishing attempts that have been targeting our user base relentlessly, causing stress and uncertainty. The situation is pressing. We’re sharing what we’re doing and what you can do to #StopTheScammers. pic.twitter.com/Lw29TZxupQ — Ledger (@Ledger) November 10, 2020
Before the weekend, we have two key messages to share with you to help you stay safe against scams. — Ledger (@Ledger) November 27, 2020
Would you respond to a letter asking you to share personal details to receive $10,000 for free? — Ledger (@Ledger) December 1, 2020
Never, ever forget this rule! #StopTheScammers pic.twitter.com/iNgSTCTkQs — Ledger (@Ledger) December 8, 2020
WARNING: STAY VIGILANT OF ONGOING PHISHING SCAMS! — Ledger (@Ledger) December 16, 2020
Remember that Ledger will never ask for your 24-word recovery phrase or PIN. Never share it!
Check out this page to verify if the communication you have received is a scam: https://t.co/9Cri0akE6v #StopTheScammers
Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020. — Ledger (@Ledger) December 20, 2020