Ledger Confirms Global-e Breach, Warns Users of Phishing Attempts

Ledger confirms data breach via Global-e partner. Customer info exposed, phishing attacks active. No passwords or crypto recovery phrases leaked.

A recent breach involving Ledger’s e-commerce partner Global-e has led to customer data being accessed and misused in phishing campaigns, the company confirmed. While no passwords, payment details, or crypto recovery phrases were leaked, exposed records included names, contact information, and order histories, including product and pricing details.

Ledger disclosed the breach shortly after Global-e began notifying affected users on January 5. However, cybercriminals wasted no time, launching phishing attacks that impersonate both companies. Some of these messages are designed to trick recipients into handing over sensitive wallet information, often using fake security alerts, malicious QR codes, or offers of replacement devices as bait.

The incident has prompted Ledger to issue a warning to all customers that it will never ask for recovery phrases, request users ...