 Welcome to Jalassette News to get top stories and cryptocurrency Jalassette's and break them down to bite-sized pieces today We've got some concerning news if you're like me and you own a ledger You probably woke up to this nice little email that says hey all your data has been compromised And originally this went out to 9,500 people around July of this year but there has been a dump on a major site which is actually exposing 270,000 people's information and not just emails. We're talking first names last names Addresses phone numbers the whole shebang. So really what does it come down to? Well, it comes down to there's a lot of things. There were some missteps taken But the most important thing is what does that mean for you? Going forward. What is the company ledger going to do? How are they going to fix this and what does this all mean in the grand scheme of security? So I'm going to take you down a little bit of a rabbit hole right now And I'm going to show you where we what happened before Where we are now and what's about to happen in the future So let's jump in the computer and I'll explain everything. So here's the email I am talking about you may have seen it. You may have not We're going to go over this in a little bit of detail and then talk about what this all means Also, I reach out the ledger to ask them if they would like to be on the show and And rebut some of these comments but as of right now 11 a.m. On December 21st 2020. I have not gotten a response yet. I'm sure they're busy So this is what it states There was a dump of the content of a ledger customer database on raid forum And we'll get that into a bit But in July we engaged an external security organization to conduct A forensic review of the logs available This review the logs enabled us to confirm that approximately 1 million email addresses had been stolen As well as 9500 plus detail information like the address names or name and phone numbers So this is important because what we're talking about here is that they sent out emails I remember this email in July. It said, hey, we were hacked and there's a lot of email addresses that had gone away So again, I didn't think too much of it because their emails and I might have been compromised so many times Because I've had an email forever. So who cares? But it goes beyond that because of addresses names and phone numbers So approximately 272,000 detailed information such as address last name phone numbers Of our customers were leaked onto this website. These details are not or were not available In the logs that we were able to analyze. So this is what they're saying They're saying we didn't notify everybody because we didn't know exactly about it because we we did a Summary of these logs or took a look at these logs and it didn't appear that they were compromised However, they were and now all the information is out there, which is a little scary We'll get into that a bit So it states if you are part of the detailed personal information subset You will receive a specific email notifying within 24 hours. So check that out Data breach is not linked to our hardware wallets. I'm going to say this again The data breach is not linked to our hardware wallets nor ledger live security And your crypto assets are safe and not imperil of being compromised. So that is the big thing So the when I thought about this, I'm like, well, first of all is my crypto safe. Well, yes, it is safe It is safe unless you do something goofy like get an stupid email where they say, hey, give us your 24 word passphrase It's the same game my friends. You just ignore that because that is a scam any kind of personal information that they want They got enough already. I mean not to not to make a joke of it But it is you don't laugh. Sometimes you would just get super ticked off But just keep your information as much as possible safe and not give it anybody Don't make it easy for them. And again ledger is not going to ask you for your 24 word passphrase I don't give that out to anybody. This is what they're doing. We're doing everything Poss make ledger stronger for the future. They hired a new chief information security officer So obviously the one got canned because I mean who's going to keep that guy around They're going to harden their already strong systems and have thoroughly reviewed our data policy Well, that's good. You reviewed that Penetration tests and forensic analysis with external security firms to test these and find any additional vulnerabilities On our e-commerce software systems They're working with law enforcement to prosecute hackers and stop these scammers they take down They've already taken down more than 170 phishing websites since the original breach customer support is working 24 7 We're doing everything proactively to deal with this and prevent in the future. So really comes on to this How did this all happen? Well, they had some kind of api hooked up for some type of e-commerce database From june 2020 and on and Really what they did was they were transferring information that they were collecting and they were putting it over to this database For them to analyze and in between those two this api was hacked and all your information Was sent over but in reality it doesn't matter how this happened The big thing is how are they going to respond? We're going to do that in a second But I just want to warn you on a couple of things. First of all, you're going to see trash like this Where it's going to be some goofy Email address no reply at ledger.com b28 email blah blah blah blah That's not even remotely accurate to the actual ledger And and they're going to say hey something about we need your information click right here Don't click squat. Don't click anything. Just go to ledger.com and say hey, you know If you don't believe it actually I'm not doing anything with ledger right now because I'm just like I'm just going to be hands off And I want to do anything and that is it So if you get something like this, just know that's ridiculous. Also, you're going to get something trash like this This is what really takes me off And you're going to see this again and again and again and again all over twitter and youtube and every other place Where it's a copy and paste of these internet tough guys and it's going to start like this. Hello My name I've recently become aware of your cryptocurrency holdings. I live in Whatever city I know that you live at blah blah blah address because they know your address I'm not afraid to invade your home. I don't want to make this any harder than it has to be I'm offering you 500 bucks Surely much should be considered as the recent pump to leave you alone If not, I'm not afraid to show up when you least expect it and see how my wrench works against your face Or maybe even wait for you to leave your home and take your belongings whilst you're not there to call the police I'll be waiting for the money and watch until then and there's like a little wallet address where you can send bitcoin right there first of all There's a lot of internet tough guys out there And they're going to send you all this stuff and they're going to scare people and this might work for some people But you're not some people. I hope because this is ridiculous. First of all, just because they know your address Just because they know they know you have a ledger. They don't know that you have any money in that ledger They don't know that you actually have that ledger still. They just know that at some point you bought a ledger Second of all, what do they even have in that ledger? Do you have 20 000 bitcoin or do you have a thousand bit torrent? Come on. It doesn't really matter You think someone's really going to come to your house on the off chance that you had a bunch of money in there And then just steal you steal your ledger that way Or do you think if there really thieves out there that can put a wrench to your face that they wouldn't just go and rob homes anyhow Also, they don't know you they don't know what you have in your home I live in texas and there's a standard ground state. So if anybody comes to my home I am legally authorized to use force to defend my house So do you really think that someone's going to come to somebody's house with a wrench or whatever? And try to rob them in broad daylight when they don't even know the person or know what they have Maybe a very dumb person, but if they want to find out that is at their prerogative I personally do not think that would happen Especially in a state like mine. So if you get something like this and do not fall for it It is all boisterous and not anywhere near to being a reality Then here's the FAQ at ledger and they talk about again the 9500 personal details And why the logs had said that they analyzed was only 9500. It was just now they realized that. Oh, no There was more to it. Now, what whichever way you want to believe it is up to you I would hope not that they didn't but It is what it is. There's a couple other things down here Really again, it's not about what happened. It's about what are we going to do about it? So here's the question. Can the info obtained by the hackers bypass two factor authentication measures? No Our e-commerce website doesn't retain any login password information since 2fa is not relevant Regarding our security scheme indeed our clients don't have a ledger account This data breaches a marketing e-commerce data breach concerning email So it's not like they can get your passphrase from this because you said your passphrase They don't have a collection of the passphrase and that is one of the great things about ledger They don't keep a record of that you have that and only you have that so make sure that it's safe Scrolling down it states. What can I do to protect my data moving forward again? Ledger will never ask you for 24 phrase They are not going to ask you for a bunch of personal information Don't give anybody anything and you should be fine. And lastly it says here's a best practices for advanced security measures And I didn't know about this until I clicked on the link. This is some pretty important Interesting stuff. There's a thing called a passphrase It's an optional security feature that you can add on top of your 24 word recovery phrase It's commonly referred to as the 25th word. How do you find that? Very simple You're going to go into your nano ledger, you know pop it on you're going to scroll over to settings You're going to click on that then it's going to go down to click on security And lastly passphrase and you can set that up. This is only if you want a more Stronger security setting. So this passphrase is an extra word It's just one more on top of your 25th or 24th word recovery phrase to generate a new seed and unlock a completely new set of accounts Why is this good? Well, your hardware wallet is initialized with your normal 24 word recovery phrases or phrase And gives you access to your normal set of crypto accounts Through the security settings, you can enter your passphrase The device will compute the resulting seed and give you access to your alternate set of crypto asset account So why is this really good in the long run? If someone compromises your backup? Like getting a physical access to it Into your passphrases Then only your normal accounts are at risk your passphrase govern accounts Stay safe as long as you haven't written down your passphrase next year 25 word So really what's going on is that you can put on Like like again a thousand bit torn or whatever goofy little thing that you have in there for your normal like main Account and then with that 25th passphrase You can have a whole new complete set of accounts of different cryptocurrency assets on there Which if somebody gets access to it They only think that you would just have a thousand bit torn on there and like well this sucks But you know behind that you could have you know a thousand bitcoin on there on your second one Just because that passphrase and again it states here You would of course only keep small amounts of crypto in your normal non passphrase related set of accounts And hold your real crypto holdings on the alternate set of accounts, which is also called behind the passphrase So why is this great? Well, let's just play devil's advocate Let's say there's some crazy person out there that comes to your house with a wrench So they take you down and say okay giving your your passphrase and you say okay here it is And then and then also they know everything about cryptocurrency, which sure So then they do all that and like they they pop it open like damn it A thousand bit torn it sucks and they just you know, that's all they know, right? They don't know about this now if they did it would be a lot of a different story However, I think that's going into the realm of just almost impossibility So if you really want to be protected then put your nano ledger Plus your passphrases in someplace outside your home so they can't get to you So I will say this what are you going to do about it? Well, the first thing is that you're knowledgeable You know exactly that hey, they don't have my passphrases that is set in stone I have that on me. They can't break in. I should be good the addresses We just talked about the email and everything else what I will say is this in this information There's no mention of any passwords that were compromised It just states postal addresses name surname and phone number However, to be safe, I would start to reset all my passwords on all my different apps and settings and everything else That's what I've already done. Also. This is bad, but I want to put it in context This was a great one from cso online the 15 biggest data breaches of the 21st century I'm going to go over a couple real quick Adobe I think we've all heard about that one in 2013 nearly three million customer credit card records Plus login data for a ton of different accounts That's bad if that happened to me, man I'd be pretty ticked off because then I have to order a new credit card Then I have to purge all the different Transactions that were made then I have to go and reset all the different things on my credit card because of all the different Uh reoccurring payments. I have god that would suck adult friend finder Stolen data span 20 years on six databases includes names email address and passwords So imagine that being put out there for everybody to see canva Email address user's name names cities of residents and salted and hashed with big crypt or b-crypt passwords eBay 145 million users name address data birth and encrypted passwords Equifax, this is the big one. This is in america 2017 on september 7th Vulnerability on the website slide to a data preach that exposed 147 million customers Personal information including social security numbers birthdays addresses in some case drivers license numbers Man, that's awful dub smash same type of thing keep going down Marriott international contact information passport number Guest numbers travel information other personal info and on and on and on So i'm not going to be a dead horse, but you get my point right here, right? Data breaches are a problem. These are problems The only thing that really matters is how you respond to it and when I take you down memory lane I don't know if you're old enough to remember this. I was not Old in 1982, but this was an actual horrible story. I remember this from my some of my business classes There was an incident in 1982 where some whack job Was taking cyanide pills and he was putting into tylenol bottles and people died from it And it wasn't that tylenol was responsible for this, but it was how they acted So what in 1982 seven people in the chicagory died copycat attacks around the country caused several more deaths deaths And this was uh from johnson and johnson the big uh pharmaceutical company and they stated this was the ceo We're never going to be judged by what caused the problem and we judge it how we responded to it again Trust is a currency you cannot buy and when you lose trust you lose everything And that is a problem for a big business like tylenol like aquifax like adobe and like ledger Once that goes away. I don't care how great your marketing is It's very tough to get back and i'm just waiting to see exactly what they do Now they said that we're they're going to do a bunch of things but really in all honesty We'll see if that's going to be enough But this is what happened in the tylenol case mary kelliman became the first victim on the on the morning of september 29th Only 12 years old Then a couple more people died and the same type of thing just happened as like a big chain event It was just awful, but this was how i was handled six weeks after the crisis flared and this was a man This is a nation. This is a global brand the company offered a solution They made that new bottle with safety elements now that everybody knows about which is there's cotton There's foil. There's a seal childproof cap plastic strip everything That would make you say oh this hasn't been tampered with and this is exactly what happened This is what they do and this is why we have it to until today because the company stepped up and goes You know what? I don't know what happened here. I don't know what crazy loon is out there But we're gonna make sure this doesn't happen again and that is really all you can do So i'm reaching out to ledger and i'm hoping they're actually going to do these things But again, it's not what was done It's how you handle it and I think that everything that we have talked about here today should keep you safe All right, let's jump out. All right, so I hope that helped look There's a lot of bad actors out there. There's a lot of misinformation So if you can just take this with a grain of salt and just take a look about okay, what can I do? It's not about being powerless. It's about taking that power back and going. Okay I know exactly what happened. I know now the steps to take I know what to do in the future So this doesn't affect me and my family and that is when the realization is okay. I can handle anything So that's really it. So let me know what you think in the comment section and good luck to you I think it'll be okay