Zephyrnet Logo

Shopify Security Breach Exposes More Ledger Customers’ Sensitive Data

Date:

A previous security breach at the e-commerce firm Shopify has exposed sensitive data belonging to customers of around 200 of its merchants.

Among those impacted are customers of the cryptocurrency hardware wallet manufacturer, Ledger. The incident is the second time Ledger customers have potentially had personal information exposed in recent memory.

Although most of the data is the same as that from Ledger’s own security breach last year, those behind the Shopify leak have secured an additional 20,000 customer records.

Another 20,000 Ledger Customers at Risk

As BeInCrypto reported last year, a massive data leak at cryptocurrency hardware manufacturer Ledger saw the personal information of around 270,000 customers stolen. In December, the data found its way onto a public online forum.

Ledger initially downplayed the breach, stating that the June incident impacted only 9,500 users. However, the public release of the data showed otherwise.

With full names, home addresses, and emails leaked, reports of phishing attempts have since emerged. Some users even reported extortion attempts involving death threats.

Already a growing trend in crypto’s bad books, Ledger disclosed yet another breach on Wednesday. In a company blog post, the firm revealed that it was among the merchants impacted by a security incident at the multinational e-commerce firm Shopify.

According to a post on Shopify’s website detailing the September 2020 incident, two ‘rogue members’ of the company’s support team stole transactional records from around 200 merchants.

The Shopify incident first came to light on Sept. 22, but the now-fired staff ‘illegally exported’ data in April and June. However, Ledger claims to have only learned about the leak involving its customers on Dec. 23.

Shopify is reportedly working with the FBI and other international law enforcement agencies to investigate the incident. Meanwhile, Ledger has reported the Shopify incident to the French Data Protection Authority and informed those additional users impacted earlier Wednesday.

Changes to Customer Data Storage

As part of Ledger’s more recent disclosure, the company has announced changes to the way it will handle customer data in the future. It claims it is now committed to storing personal information for the least time possible.

Additionally, the French hardware wallet manufacturer says it will delete sensitive data from order confirmation emails to avoid future information leaks via e-commerce providers. The company also says it will add a messaging protocol to Ledger Live, reducing the dependence on email communication with customers.

As well as pledging to continue working with global law enforcement, the firm announced the hiring of additional private investigators and the creation of a 10 BTC reward purse for information leading to the arrest and prosecution of those responsible.

Although repeating that the leak had not affected customers’ devices, many impacted users were understandably upset. Some stated that it is completely unacceptable for an apparent security company to leave customer data vulnerable in the first place:

Share Article

A former professional gambler, Rick first found Bitcoin in 2013 whilst researching alternative payment methods to use at online casinos. After transitioning to writing full-time in 2016, he put a growing passion for Bitcoin to work for him. He has since written for a number of digital asset publications.

Follow Author

Source: https://beincrypto.com/shopify-security-breach-exposes-more-ledger-customers-sensitive-data/

spot_img

Latest Intelligence

spot_img