How a Third-Party Leak Fueled Phishing Against Ledger Users
A data leak at Ledger's e-commerce partner, Global-e, exposed order details, enabling highly targeted and convincing phishing attacks against users.Summary
In early January 2026, Ledger notified customers about a security incident at Global-e, a third-party e-commerce partner acting as the merchant of record for some purchases. This breach exposed order-related information, including contact details, shipping identifiers, product purchased, and pricing, though Ledger's core hardware and self-custody systems remained secure. Attackers leverage this real order context to craft highly credible phishing attempts that reference actual purchases, bypassing initial user skepticism. These scams often create false urgency regarding security or order issues to trick users into revealing their 24-word secret recovery phrase, which Ledger explicitly states it will never request. The incident underscores that risks persist through the commerce layer, even when wallet infrastructure is secure, emphasizing the need for users to treat all unsolicited support messages as untrusted by default and verify communications only through official Ledger resources.
(Source:Cointelegraph)