A third-part vendor related to Gemini appeared to have suffered a data breach on or before Dec. 13. According to documents obtained by Cointelegraph, hackers gained access to 5,701,649 lines of information pertaining to Gemini customers’ email addresses and partial phone numbers. In the case of the latter, hackers apparently did not gain access to the full phone numbers, as certain numeric digits were obfuscated. After the news came to light, Gemini has since clarified in a blog yazısı that the breach appeared to be “result of an incident at a third-party vendor” but also warned of ongoing “phishing campaigns” as a result of the data leak.
The leaked database did not include sensitive personal information such as names, addresses and other Know Your Customer information. In addition, some emails were repeated in the document; thus, the number of customers affected is likely lower than the total rows of information. Gemini currently has 13 million active users. Regarding the incident, Gemini has issued the following statement:
"Bazı Gemini müşterileri, son zamanlarda üçüncü taraf bir satıcıda meydana gelen bir olayın sonucu olduğuna inandığımız kimlik avı kampanyalarının hedefi oldu. Bu olay, Gemini müşteri e-posta adreslerinin ve kısmi telefon numaralarının toplanmasına yol açtı. Bu üçüncü taraf olayı sonucunda hiçbir Gemini hesap bilgisi veya sistemi etkilenmedi ve tüm fonlar ve müşteri hesapları güvende olmaya devam ediyor."
Security breaches in the Web3 industry, even if mild in nature, can have serious consequences. One such incident took place in April this year and involved cryptocurrency hardware wallet manufacturer Trezor. Hackers gained access to Trezor users’ email addresses by breaching a third-party newsletter provider and then utilized the information to target users in a phishing scam, leading to losses.
The Gemini exchange also went briefly offline during the day after issues surrounding the data leak were brought to light. The exchange is fully functional at the time of publication.
Update Dec. 14 5:30 pm UTC: Added comments and explanation of events from Gemini.
Update Dec. 14 5:40 pm UTC: Added clarifications on the nature of the incident after receiving confirmation on third-party data vendor involvement.
Update Dec. 14 5:45 pm UTC: Added the exchange’s temporary outage incident on the same day.
Update Dec. 15 6:15 pm UTC: Gemini has since clarified that no account numbers were breached as a result of the incident.
Update Dec. 15 7:30 pm UTC: Katma bağlantılar to related story “Kripto kullanıcıları, Gemini e-posta sızıntısının ilk bildirilenden çok daha erken gerçekleştiğini iddia ediyor"
Source: https://cointelegraph.com/news/gemini-allegedly-suffers-data-breach-5-7-million-emails-leaked