France-based major hardware wallet provider Ledger has admitted it suffered a data breach on June 17 that appears to have allowed a “third party” access to at least 1 million of its users’ contact details. The firm took to Twitter to state that its marketing and e-commerce database was compromised through a third party’s API key that was misconfigured on their website, exposing its customers’ contact details and order information, although Ledger claimed that there was no spill of crypto holdings or client transaction information.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.