"In early January 2026, some Ledger customers were notified that personal and order information related to Ledger.com purchases had been accessed during a security incident involving Global-e, a third-party e-commerce partner that acts as the "merchant of record" for certain orders. Ledger stressed that its own hardware and software systems were not breached. However, the exposed purchase data was enough to spark a familiar second act: highly targeted phishing attempts that appear legitimate because they reference real-world details."
"A breach at a commerce partner can expose customer order data even if wallet systems remain secure. Real order context, such as product, price and contact or shipping details, can make phishing attempts appear legitimate and harder to detect. Treat inbound "support" messages as untrusted until they are verified through official Ledger resources."
"This article explains why breaches at vendors outside a wallet company can still put users at risk, which types of leaked data make impersonation scams more convincing and how to evaluate "support" messages using principles Ledger repeatedly highlights in its scam advisories."
In January 2026, unauthorized access to Global-e systems exposed order-related information for customers who purchased through the Global-e checkout flow. Global-e acts as merchant of record within the checkout and fulfillment chain and holds contact, shipping, and order details required to process and ship products. Ledger's own hardware and software were not breached. Exposed order context such as product, price, and contact details enables highly targeted phishing that appears legitimate. Customers should treat inbound support messages as untrusted until verified through official Ledger resources and follow Ledger's scam-advisory verification principles.
Read at Cointelegraph
Unable to calculate read time
Collection
[
|
...
]