Order and contact details accessed via ecommerce partner, and phishing has begun

Blockchain security biz Ledger says customer information was accessed in a breach at its ecommerce payment partner Global-e, and is warning that other brands using the platform may also be affected.

The number of customers impacted is not confirmed, but Ledger said basic personal information - name and contact data - was exposed, as were order details including products and prices.

Both Ledger and Global-e said there is no impact on financial data or cryptocurrencies, and that details such as passwords or 24-word Ledger recovery phrases are unaffected.

Global-e, which Ledger uses so that customers can purchase products in their local currency, started sending emails to affected customers on January 5, saying it does not store sensitive details - things like government IDs - since they are not used for order fulfilment.

The company did, however, warn that Ledger customers should be vigilant to potential phishing attacks.

Global-e stated in its fact sheet: "Though ...