As you may heard, Ledger was hacked. As far as we know, their ecommerce and marketing database got leaked and your crypto funds and wallet is safe (yay). Your payment information like CC or paypal is also not leaked but the hacker could gather 9500 addresses (Fullname, Street, City). Ledger knew from the hack since the 14th of July, which is two weeks from today. Today they informed their customers via an email and the media began to cover this story. Most of the headlines only focused on the stolen email addresses.
Sure, one million addresses are a lot but email addresses are not the problem, you can easily switch to a fresh mailaccount and have no harm. But you can´t move out of your house. So why am I writing this? This is a very dangerous combination and most people are not aware of it (form what I read on twitter). A criminal know now that these 9500 people are holding crypto AND where they live. I know it sound dramatic and maybe paranoid but the data will 100% be leaked on the darknet and a lot of weirdos will access it. You can imagine what obviously will happen, some people will get some unannounced visit. At least it is not unannounced hence ledger informed the customers. James Lopp wrote a article about the so called “5$ Wrench Attack”, you can find it here. Another problem could be scams via simswapping, the hacker try to intercept the new shipped sim.
This incident should be a reminder to your OpSec, don´t rely only on tech (wallets, cryptographic, etc..), I ve read somewhere that most of all scams and hacks are done via social engineering. So keep that in mind! In this case you would be safe if you used a pickup station or a service like borderlinx or shipanon as a shipping address. Just to be fair: I don´t want to point a finger on ledger here. Sure, they did a horrible job and they reputation will be damaged. This is a horror scenario for every company, which operates in the security sector. And from my point view the company is done. But I think we will see similar hacks in the future, so be prepared. Ironically Trezor tweeted today, that they only store sensitive data 90 days.
TL:DR Be cautious, don´t trust any one. Try always to hide your real identity and send me some btc.