Ledger Confirms Third-Party Global-e Breach Exposed Customer Names and Contact Details
According to Ledger, a breach at e-commerce partner Global-e exposed customer names and contact details, though private keys and payments were unaffected; experts warn of heightened phishing risks and potential physical targeting.
Ledger confirmed a customer data exposure tied to its third-party e-commerce partner Global-e, affecting names and contact details of users who bought devices via its online store. The company said private keys, wallet funds, and payment information were not accessed. Within hours, users reported a surge in phishing emails, SMS, and calls from scammers impersonating Ledger or Global-e. Security experts warned that risks extend beyond those in the leak, with physical addresses heightening threats, including “wrench attacks.” Past incidents include a 2020 breach affecting nearly 300,000 users and 2021 mailings of fake Ledger devices. Experts advised never sharing seed phrases, verifying senders, avoiding unsolicited support messages, and not rushing to move funds unless onchain compromise is detected.
- Phishing: A social engineering tactic where attackers impersonate trusted entities via email, SMS, or calls to trick victims into revealing sensitive information.
- Seed phrase (recovery phrase): A list of words that backs up a crypto wallet; anyone with it can access and control the wallet’s funds.
- Wrench attack: Physical coercion used to force a victim to reveal private keys or seed phrases.