Read on Twitter
The information in this breach will not directly compromise your Ledger device, but it will be used (in fact, it’s already being used!) in social engineering attacks.
Here are some tips to protect yourself: https://twitter.com/underthebreach/status/1340728236528033797
Here are some tips to protect yourself: https://twitter.com/underthebreach/status/1340728236528033797
1) Personal information about you, including the fact that you have digital assets and that you use a particular hardware wallet is now public.
Attackers will use that information to target you. Expect emails, phone calls, snail mail and even packages to come your way.
Attackers will use that information to target you. Expect emails, phone calls, snail mail and even packages to come your way.
Most of these will be ham-fisted attempts, that will stand out. But some will not; they’ll be subtle and tailored and carefully designed to dupe you.
Approach every email critically and err on the side of caution. If it’s asking you to do something out of the ordinary, don’t.
Approach every email critically and err on the side of caution. If it’s asking you to do something out of the ordinary, don’t.
2) If the phone number you used for your order is used as a 2nd factor anywhere, change it immediately.
If possible, avoid using SMS/phone as a 2nd factor altogether. Get a YubiKey or something similar and setup something like Google Authenticator. https://www.yubico.com/products/compare-products-series/
If possible, avoid using SMS/phone as a 2nd factor altogether. Get a YubiKey or something similar and setup something like Google Authenticator. https://www.yubico.com/products/compare-products-series/
3) Remember that while the Ledger and devices like it keep your keys safely tucked away, that’s not an excuse to lower your defenses: keep your computers up to date, use antivirus software and use common sense: if something “feels” off it probably is.
4) Use a password manager for *everything* and enable 2FA wherever you can. While I don’t personally use it, @1Password is an excellent, cross-platform choice. Never, ever reuse a password or try to come up with one using your dog’s name and the birthday of your first girlfriend.
5) Use multi-signing! Properly implemented, it significantly increases the difficulty of a successful attack.
If the tools you use don’t support it, find better tools.
Choose co-signers carefully and make sure they they understand the responsibility and are security-conscious.
If the tools you use don’t support it, find better tools.
Choose co-signers carefully and make sure they they understand the responsibility and are security-conscious.
