A third-party vendor related to Gemini appeared to have suffered a data breach on or before December 13.
According to documents obtained by Cointelegraph, hackers gained access to 5,701,649 lines of information pertaining to Gemini customers’ email addresses and partial phone numbers. In the latter case, hackers apparently did not gain access to complete phone numbers, as certain digits were obfuscated.
Gemini has since clarified in a blog post that the breach appeared to be “result of an incident at a third-party vendor” but also warned of ongoing “phishing campaigns” resulting from the data leak.
Luckily, the leaked database doesn’t include sensitive personal information such as names, addresses, and other Know Your Customer (KYC) information. Furthermore, some emails were repeated in the document; thus, the number of customers affected is likely lower than the total rows of information.
Regarding the incident, Gemini has issued the following statement:
“Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor. This incident led to the collection of Gemini customer email addresses and partial phone numbers. No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.”
The Gemini exchange went briefly offline during the day after issues surrounding the data leak were brought to light. The exchange is now fully operational for its 13 million active users.
The crypto industry is notorious for security breaches as such attacks can directly make money for the perpetrators.
A notable incident took place in April of this year involving cryptocurrency hardware wallet manufacturer Trezor. At that time, hackers managed to gain access to Trezor users’ email addresses by breaching a third-party newsletter provider and then utilizing the information to target users in a phishing scam, leading to losses.
So, as we are always saying, make sure to double- and triple-check that message before clicking on anything. Also check out URLs, the wording, and everything else just to be sure that the email is legit. In the vast majority of cases, just ignoring the email is the safest thing to do.