Crypto: How A Third-party Data Leak Led To Phishing Attempts Against Ledger...

A third-party e-commerce breach exposed order data, enabling phishing attempts without compromising Ledger wallets or self-custody systems.

A breach at a commerce partner can expose customer order data even if wallet systems remain secure.

Real order context, such as product, price and contact or shipping details, can make phishing attempts appear legitimate and harder to detect.

Treat inbound “support” messages as untrusted until they are verified through official Ledger resources.

In early January 2026, some Ledger customers were notified that personal and order information related to Ledger.com purchases had been accessed during a security incident involving Global-e, a third-party e-commerce partner that acts as the “merchant of record” for certain orders.

Ledger stressed that its own hardware and software systems were not breached. However, the exposed purchase data was enough to spark a familiar second act: highly targeted phishing attempts that appear legitimate because they reference real-world details.

This article explains why breaches at vendors outside a wallet company can still put users at risk, which types of leaked data make impersonation scams more convincing and how to evaluate “support” messages using principles Ledger repeatedly highlights in its scam advisories.

Ledger’s warning in January 2026 concerned a security incident at Global-e, a third-party e-commerce partner used by many brands that can act as the “merchant of record” for certain Ledger.com purchases.

In practical terms, Global-e sits within the checkout and fulfillment chain and holds the customer and order information required to process and ship physical products.

According to Ledger’s customer notice and multiple reports, unauthorized access occurred within Global-e’s information systems. The data involved related to customers who made purchases through this Global-e checkout flow.

Source: CoinTelegraph