Home Security Shopify employees allegedly behind Ledger’s database hack

Shopify employees allegedly behind Ledger’s database hack

In a blog post today, hardware wallet designer Ledger returned to his customer database breach in July 2020 where two employees of the e-commerce platform Shopify were behind the hack.

on December 23rd, 2020 we received a notification from our e-commerce service provider, Shopify, regarding an incident involving merchant data in which rogue member(s) of their support team obtained customer transactional records, including Ledger’s. The agent(s) illegally exported customer transactional records in April and June 2020. According to Shopify, this is related to the incident reported September 2020, which concerns more than 200 merchants, but until December 21st, 2020, Shopify had not discovered that Ledger was also targeted in this attack. Shopify tells us they engaged digital forensics experts and counsel to continue their investigation on the matter and have reported the matter to law enforcement in both Canada and the USA.

Along with forensic firm Orange Cyberdefense we were able to establish that it affects approximately 292,000 customers. While the database is 93% similar to those exposed in the previous attack there were approximately 20,000 new customer records including, email, name, postal address, product(s) ordered and phone number included in this breach.

The investigation into the incident involving Shopify is ongoing and we will continue to update you as the situation unfolds. As of today: We notified the French Data Protection Authority on December 26th, 2020. After completing forensics with Orange Cyberdefense we informed all customers affected by this breach via email on January 13th, 2021.  We continue to work with Shopify and prosecutors on the case; an investigation is already underway, led by the FBI and the RCMP.  Ledger also reported the events to the French Public Prosecutor and filed a complaint against the rogue agent(s).  We are continuing to work with Shopify using new internal processes to ensure enhanced security.

The Ledger hack

Ledger publicly revealed that customer information had been compromised in July 2020. At the time, the company estimated 9,500 customers had been affected by the hack. In the following months, CoinDesk documented a string of convincing phishing attempts executed by the hackers, including emails that mimicked official Ledger correspondence and text messages. 

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Must Read

Staking: these are the 5 preferred cryptos for passive profits

Staking has been called in various ways, some accurate, others not so much. This has also happened with PoS,...

United Kingdom forces to block cryptocurrency advertising

The advertisements of the company Luno will be withdrawn from the United Kingdom after the resolution that obliges them to do so...

Cryptocurrencies find some relief after their crash

Cryptocurrencies find some support for a bounce after one of the toughest weeks for investors. Although last Thursday we...

China Strikes Cryptocurrencies Again, Bitcoin Slumps Again

The highest level of government in China has proposed new measures to regulate mining in the country. The proposal has been received...

Bitcoin on the Playstation? Sony’s patent finally accepted

On May 17, 2021, the publication of a patent by Sony Interactive Entertainment mentioning Bitcoin was greeted with great fanfare by the...