Shopify security breach exposes confidential data of other Ledger customers

A Shopify data breach exposed the personal information of 20,000 other Ledger customers.

The incident comes just weeks after hackers exposed the sensitive information of approximately 270,000 Ledger customers.

Company users have been the target of phishing and extortion attempts since an initial leak in June 2020.

A security breach at the Shopify e-commerce business exposed personal data belonging to customers of around 200 of its merchants.

Among those affected are customers of Ledger, the maker of electronic cryptocurrency wallets. This is the second time in a short time that Ledger customers have seen their personal information potentially exposed.

While most of the data is the same as Ledger’s initial security breach last year, the people behind the Shopify leak have obtained an additional 20,000 customer records.

20,000 additional Ledger customers are exposed

As BeInCrypto reported last year, a massive data breach from crypto wallet maker Ledger resulted in the theft of personal information of around 270,000 customers. In December, the data was found online in a public forum.

Ledger initially downplayed the significance of the leak, saying the initial June 2020 incident only affected 9,500 users. The data release, however, indicated the opposite.

Since the names, postal addresses and emails of customers have been disclosed, numerous phishing attempts have since been reported. Some users have even reported extortion attempts involving death threats.

This Wednesday, January 13, Ledger revealed a new data leak, which seems to be becoming a trend in the pitfalls of the crypto community. In a post on the company’s blog, the company revealed that it was among merchants affected by a security incident at multinational e-commerce company Shopify.

Recently, we reported a data disclosure. On December 23, we were alerted by our e-commerce provider Shopify to an incident in April and June 2020, in which rogue members of their team exported the customer databases of some merchants. Ledger was one of them.

According to an article on the Shopify website detailing the incident, two “dishonest members” of the company’s support team stole the transaction records of approximately 200 merchants.

The Shopify incident was first revealed on September 22, 2020, but now laid-off staff “illegally exported” data in April and June. However, Ledger says it was not made aware of the leak involving its customers until December 23.

Shopify is reportedly working with the FBI and other international law enforcement agencies to investigate the incident. In the meantime, Ledger reported the Shopify incident to the French data protection authority and notified other affected users earlier today on Wednesday, January 13.

Changes in the storage of user data

As part of Ledger’s latest data release , the company has announced changes to how it will handle customer data in the future. She says she is now committed to keeping their personal information as short as possible.

Additionally, the French e-wallet maker says it will remove sensitive data from order confirmation emails to prevent further information leaks through e-commerce providers. The company also said it will add an email protocol to Ledger Live, reducing reliance on email communication with customers.

In addition to pledging to continue working with international law enforcement, the company said it has hired additional private investigators. She also allegedly created a 10 BTC prize pool for information leading to the arrest and prosecution of those responsible.