It's Never Happened Before, and Now It Happens Again. Ledger User Data Leaked (But There's a Nuance)
Hackers breached Global-e's systems, and now some Ledger customers risk receiving very convincing letters from scammers.
Hackers breached Global-e's systems, and now some Ledger customers risk receiving very convincing letters from scammers.
Ledger has warned some customers about a possible leak of their personal data due to a breach at its partner, the payment service Global-e, which handles order processing on the Ledger.com website. According to the company, Ledger's own infrastructure was not affected, and its hardware and software products remain secure.
The company explains that the incident affected customers who made purchases on Ledger.com through Global-e, which acted as the so-called Merchant of Record, i.e., the payment and legal intermediary in the transaction. Ledger emphasizes that this was not a breach of its network but a compromise of data stored by a third-party order processor.
According to Ledger, malicious actors gained access to order information stored in Global-e's systems. As a result, customer names and contact details may have been exposed. However, Ledger claims financial information was not part of the leak.
The situation became widely known after researcher ZachXBT published a warning to the community and shared a notification letter about the incident. Importantly, this notification was sent by Global-e, not Ledger.
Global-e handles payment and order processing for numerous online stores and brands. The platform manages tax and duty calculations, localization, and compliance verification, which requires it to store order-related data. Among Global-e's clients are reportedly companies like Adidas, Disney, Hugo Boss, Ralph Lauren, Michael Kors, and Netflix.
Ledger specifically highlights what could not have fallen into the attackers' hands. Neither Global-e nor Ledger itself stores or has access to the 24-word seed phrase that secures a wallet. They also have no access to blockchain balances or any secrets related to digital assets. Therefore, the breach does not automatically mean a risk of losing cryptocurrency, as long as the user does not divulge their key information to the attackers.
However, the company warns of another scenario. Having obtained customer names and contact details, the attackers may attempt to lure people to phishing pages posing as support or official notifications, aiming to steal the seed phrase or passphrase. Ledger urges users to remain vigilant, never share their 24 words with anyone, and, whenever possible, verify transactions to understand exactly what they are signing.
Global-e reported that after detecting suspicious activity in its cloud environment, it quickly isolated and secured the affected systems. The company claims that payment data and account credentials were not compromised. Global-e is now directly notifying potentially affected users and relevant regulators.
Ledger notes that affected users will receive a separate message from Global-e with details about the impact of the incident. If more information is needed, the company recommends contacting Global-e directly, as the leak occurred on the side of the payment partner.
