Cryptocurrency wallet firm Ledger was hacked in June by an unauthorized third party. The data was put up for grabs on sites frequented by criminals. The company is urging users to never share their 24-word recovery phrase and an optional secret passphrase that only the owner knows. Ledger has been working to notify affected users via Twitter and responding to customer questions, while also reporting all tweets and Reddit posts that contain a link to the database. There is evidence that threat actors have used the emails stolen from Ledger to target clients with phishing attacks.
Source: https://threatpost.com/ledger-dump-active-attacks-follow/162477/