Intro: Global-e reported an order-data incident in early January 2026. Ledger has forwarded the advisory and is warning users to stay alert to phishing emails and fake support posing as order updates, returns, or payment anomalies. Ledger stresses that official support will never ask for your recovery phrase or private keys by email.
Event overview: Global-e — a third-party e-commerce fulfilment provider — disclosed that some order-related information may have been accessed without authorisation. Ledger has not found evidence of hardware-wallet key leakage, but is concerned attackers will use order information to impersonate after-sales contact or initiate fake refund flows.
Potential impact: Affected information may include recipient names, contact details, order numbers, and delivery addresses. That combination is enough to forge convincing emails, texts, or chat messages, steering users to phishing sites or malicious attachments.
Official response: Ledger recommends that users who receive "order update," "refund confirmation," or "invoice reissue" emails check order status directly from the official site or the app. If you need to contact support, use only the official support entry point — don't share order screenshots or personal information in chat apps.
Self-check & protection: Verify the sender domain and link destinations match the official domain; type the official URL manually into the browser rather than clicking an email button; decline any request for recovery phrase, private keys, verification codes, or remote assistance, and report them.
Follow-up: Global-e has said it will continue investigating and communicating with affected partners on remediation. Ledger will update its advisory with additional confirmed information, and recommends short-term heightened vigilance for any unusual notifications.
Safety reminder: We will never ask for your recovery phrase, PIN, verification codes, or private keys. Anyone requesting them is attempting fraud — do not share and do not proceed.
