Huge leap maybe, but if what Gazeta did was really just manually check what Ledger Live does, I could think that they'd keep that private so that people would be "forced" to check the device/firmware integrity using the official app, and have more downloads and data spied on.
Ledger Live App must be used anyway when updating the firmware, so there is a case for downloading the app and being spied on for personal data.
Anyway, not a big surprise here, as the security model at Ledger has always been “Security through obscurity”.