A recent breach involving Ledger’s e-commerce partner Global-e has led to customer data being accessed and misused in phishing campaigns, the company confirmed. While no passwords, payment details, or crypto recovery phrases were leaked, exposed records included names, contact information, and order histories, including product and pricing details.
Ledger disclosed the breach shortly after Global-e began notifying affected users on January 5. However, cybercriminals wasted no time, launching phishing attacks that impersonate both companies. Some of these messages are designed to trick recipients into handing over sensitive wallet information, often using fake security alerts, malicious QR codes, or offers of replacement devices as bait.
The incident has prompted Ledger to issue a warning to all customers that it will never ask for recovery phrases, request users to scan codes, or send unsolicited hardware. Still, phishing messages spoofing official support channels have already started circulating. Security researchers are tracking live attempts linked to the stolen data.
According to Ledger’s security advisory, if you’ve been impacted, you’ll receive an email alert from [email protected], not from any other address.
Commenting on the breach, Anders Askasen of Radiant Logic pointed out that attackers don’t need passwords to do damage. “Once someone has your contact and order details, combined with the trust you place in a brand, they can send phishing messages that feel real. Most of that data lives on third-party platforms with limited oversight, which makes it easier for threats to go unnoticed until it’s too late.”
Will Baxter, Field CISO at Team Cymru, emphasized the speed of the attacks. “It didn’t take long for threat actors to move from data theft to phishing. That kind of speed shows why it’s not enough to wait for user reports. Security teams need to watch for fake domains, spoofed brands, and new infrastructure built to trick users and do it the moment a breach happens.”
Ledger says it is working with Global-e to investigate further. In the meantime, users should double-check any emails or texts related to their Ledger orders, avoid clicking unexpected links, and never share recovery phrases with anyone.