Ron Stoner, a crypto-security expert and newly appointed Head of Security at Casa, a company focused on developing security and custody solutions for Bitcoin (BTC), notes that we’re living in a world that heavily depends on “the connectivity between our physical and digital identities.”
Stoner, a former senior security engineer at ShapeShift, goes over how we can ensure that our personal details remain safe from hackers and data breaches.
Stoner, whose suggestions have come after crypto hardware wallet provider Ledger suffered a major security breach (leaking personal info of over a million customers), points out that in these modern, digital times, we are constantly facing or dealing with the “fear and uncertainty surrounding the news of a personal data breach.” Many more people across the globe are now concerned about their home addresses, phone numbers, and emails getting leaked online.
Stoner confirms that recently, a hacked Ledger database with 272,853 customer records including their full names, physical mailing addresses, phone numbers, and over 1 million email addresses was leaked on a public forum.
Stoner clarified that although the Ledger data breach actually occurred in July of this year, the data has recently been shared (for free) on a hacker forum that is specifically focused on selling database and personal information dumps.
Stoner points out that these markets operate by selling and reselling sensitive data that’s compromised in hacks and social engineering engagements carried out against firms and third parties such as resellers. Ledger has released information regarding the damaging leak, including details of the incident and other updates, via emails and social media, Stoner confirmed.
Stoner further notes that if you’ve bought a device from the Ledger store, it’s quite possible that you may be impacted by the massive security breach. Ledger has sent communications to its customers, Stoner noted. He also clarified that “if you’ve procured your Ledger through Casa or the Casa Store you should NOT be impacted.” He claims that “no parts of Casa’s infrastructure touched the Ledger databases impacted by this breach.”
While commenting on what customers can do to stop or avoid these issues, or how they can better safeguard their personal information, Stoner acknowledged that some aspects of the process require a lot of “technical controls and engineering by the companies that are storing your valuable data.” However, we can always take certain measures to protect our personal details such as “not keeping crypto in the house – if you’re using a Ledger, move the device to another physical location.”
He further noted, for Casa customers: “don’t have more than one key at your house (usually your mobile phone).” He also suggested that we should “consider checking out Lopp’s ‘Home Defense Primer.’”
Stoner also suggested “minimizing the data you share with third parties and protect yourself going forward.”
He went on to mention that:
“Stan Lee, George Orwell, Lana Del Rey, and Satoshi Nakamoto. The one thing that they all have in common is that these are fictitious names used to disguise real-world personal identities. An attacker wouldn’t be able to find a Social Security Number (SSN) or physical address associated with these names if they were so inclined. While authors may use pseudonyms so that their works are not associated with the real person, others use them to protect their identity. Many Casa clients do this already. A strong alias will have no direct link to your name, profession, location, or interests.”
Stoner pointed out that in most data or security breaches, home and office addresses are “often exposed causing an increased risk for those present at those locations.” Jameson Lopp, CTO at Casa, has provided guidelines to address these issues.
In his extensive blog post, Stoner covers technical concepts like multisignature setups for crypto wallets, enabling two-factor authentication (2FA), effective password management, and getting in the habit of deleting certain personal information we share online.
He also suggested using a reliable VPN service, setting up multiple email accounts for different tasks (to minimize damage from breaches), and possibly looking into pseudonymous virtual payment cards.