Overview
- Affected individuals are customers who purchased on Ledger.com when Global‑e acted as the merchant of record, according to company statements.
- Exposed records include names, contact details, and some order information such as products and prices, while no payment data, recovery phrases, or private keys were accessed.
- Global‑e says the intrusion was contained and has engaged independent forensic experts, though neither company has disclosed how many users were impacted.
- Security researchers report live phishing using the leaked data, including spoofed emails, fake update notices, QR codes, and unsolicited ‘replacement device’ offers.
- Users are being told to ignore any requests for their 24 words, verify notices from no-reply@global-e.com, and treat messages purporting to be from Ledger or Global‑e with extreme caution.