Ledger wallet users have been targetted by a phishing scam which used a fake data breach notification in order to steal cryptocurrency. The wallets were secured using a 24-word recovery phrase and support 12, 18, or 24-word recovery phrases used by other wallets. If someone knows the recovery phrase then they are able to access the funds inside the wallet. Therefore, the phrase must be kept private and offline.
Ledger suffered a data breach in July 2020, with threat actors having access to 9,500 customers’ contact details. In October 2020, Ledger users began to receive phishing emails about the data breach supposedly from Ledger. The emails said that following the breach in order to keep their assets safe users should install the latest version of Ledger Live and secure the assets with a new pin.