- Customer emails and phone numbers leaked in Gemini data breach.
- The firm states a third party was at fault for the breach.
- Users claim the breach transpired long before Gemini acknowledged it.
Cryptocurrency trading platform Gemini disclosed on December 14 that some of its users had fallen victim to phishing attacks. It said they were the “result of an incident at a third-party vendor.” Meanwhile, Chinese media outlet Wu Blockchain adds that 5.7 million users may have been compromised.
The breach resulted in the leaking of sensitive information, including customers’ email addresses and phone numbers. However, because specific phone numbers were obfuscated, the hackers could not access all of the phone numbers.
The exposed database did not include names, addresses, and other “Know Your Customer” details. Additionally, the document included duplicate email addresses. Thus, the actual number of consumers affected is probably smaller than estimated. The exchange has also assured customers that their accounts and systems are secure.
As per Gemini product security team:
No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.
However, according to several Gemini users, the attack had transpired long before the exchange made the announcement. Users of the official Gemini subreddit have complained for weeks about randomly receiving targeted phishing emails. Reddit user DaveJonesBones stated in a November post that he was the victim of a phishing attack using a Gemini-only email address.
“I got the hump because I’d specifically opted-out to all marketing emails from Gemini. Was about to unsubscribe (again) and realised this thing didn’t actually come from Gemini directly,” the user wrote.
A Gemini representative had acknowledged this incident at the time, stating that the issue was being reported to their team. A similar thread by u/Opfu last week suggested that Gemini was already aware of the issue.
“I just got an email claiming that my Exodus wallet was linked to the Binance exchange from Bermuda. I ONLY use that particular email address at Gemini. When I asked Gemini, they confirmed a breach at a third-party vendor. Customer emails and partial phone numbers,”
Moreover when the user asked if they were planning on informing users, the team replied by thanking them for the feedback.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
