Ledger, a popular maker of hardware wallets for storing cryptocurrencies, has reported a security breach in late June.
According to the company's announcement, the compromised data includes contact and order information. However, more sensitive information such as payment data and crypto funds have not been affected.
The company has contacted the affected customers through an e-mail.
The vulnerability was apparently reported to Ledger on July 14 by one of the developers taking part in the company's reward program, which gives a certain reward to users who find security problems in its products.
Even though Ledger claims it patched the vulnerability, it looks like it was exploited by some attackers a few weeks earlier, specifically on June 25, when an unauthorized person managed to access the company's marketing and e-commerce database through an API key that has already been deactivated.
The affected database did not store any information about the users' recovery phrases or private keys, so the customers' funds are safe.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.