The manufacturer of hardware wallets Ledger revealed details of a vulnerability that hackers used to gain access to the personal information of about a million users.

On July 14, a third-party researcher who participated in the bauti program reported on the company's vulnerability. When investigating the problem, it turned out that on June 25, an unknown party gained access to a database containing email and postal addresses, names, phone numbers, and information about purchased Ledger products. Hackers obtained unauthorized access using an API key that has already been deactivated.

The company assured that payment data, information about Bank cards and cryptocurrency accounts is not compromised and is safe. The developers noted that they fixed the vulnerability immediately after detection, and also apologized to their users.
In a Twitter thread, the company urged wallet owners to be careful about phishing attacks and not disclose a secret phrase to restore access.