Home Security Shopify employees allegedly behind Ledger’s database hack

Shopify employees allegedly behind Ledger’s database hack

In a blog post today, hardware wallet designer Ledger returned to his customer database breach in July 2020 where two employees of the e-commerce platform Shopify were behind the hack.

on December 23rd, 2020 we received a notification from our e-commerce service provider, Shopify, regarding an incident involving merchant data in which rogue member(s) of their support team obtained customer transactional records, including Ledger’s. The agent(s) illegally exported customer transactional records in April and June 2020. According to Shopify, this is related to the incident reported September 2020, which concerns more than 200 merchants, but until December 21st, 2020, Shopify had not discovered that Ledger was also targeted in this attack. Shopify tells us they engaged digital forensics experts and counsel to continue their investigation on the matter and have reported the matter to law enforcement in both Canada and the USA.

Along with forensic firm Orange Cyberdefense we were able to establish that it affects approximately 292,000 customers. While the database is 93% similar to those exposed in the previous attack there were approximately 20,000 new customer records including, email, name, postal address, product(s) ordered and phone number included in this breach.

The investigation into the incident involving Shopify is ongoing and we will continue to update you as the situation unfolds. As of today: We notified the French Data Protection Authority on December 26th, 2020. After completing forensics with Orange Cyberdefense we informed all customers affected by this breach via email on January 13th, 2021.  We continue to work with Shopify and prosecutors on the case; an investigation is already underway, led by the FBI and the RCMP.  Ledger also reported the events to the French Public Prosecutor and filed a complaint against the rogue agent(s).  We are continuing to work with Shopify using new internal processes to ensure enhanced security.

The Ledger hack

Ledger publicly revealed that customer information had been compromised in July 2020. At the time, the company estimated 9,500 customers had been affected by the hack. In the following months, CoinDesk documented a string of convincing phishing attempts executed by the hackers, including emails that mimicked official Ledger correspondence and text messages. 

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Must Read

Bitcoin price: BTC fell back again, trading below $ 36,000 again

Bitcoin (BTC) closes the week with a new low of more than 10%, which pushed its price back below $ 36,000.

Bitcoin Core developers release version 0.21.0 of the software

The developers of Bitcoin Core have just announced the release of version 0.21.0 of the software. Result of...

Shopify employees allegedly behind Ledger’s database hack

In a blog post today, hardware wallet designer Ledger returned to his customer database breach in July 2020 where two employees of...

Bitcoin: New Correction Before Q1 Ends

Alex Mashinsky, CEO of Celsius, assured that the price suffered a decline yesterday in the crypto market. In general comes as...

A New York pub sells for Bitcoin

Two New York pubs are closing their doors and their owner announced that he will sell the trade in cryptocurrencies. Patrick Hughes,...