Gemini, a cryptocurrency exchange run by the Winklevoss twins, reportedly suffered a data breach on or before December 13. Gemini clarified that all funds and customer accounts are safe.
Leaked Customer Email Addresses And Partial Phone Numbers
According to a Cointelegraph report, a third-party vendor related to Gemini appears to have suffered a data breach that leaked 5.7 million rows of customer information, including email addresses and partial phone numbers. The hackers did not gain access to the full phone numbers, as certain numeric digits were obscured.
The number of affected clients is probably less than the total number of rows of data because some emails were duplicated. Gemini has over 13 million active users. Gemini has become aware that some of its customers have been the targets of phishing attacks originating from a third-party vendor, the company said in a statement.
Gemini Email Leak Allegedly Occurred Earlier
Several users reached out to Cointelegraph, alleging that the Gemini leak occurred earlier than previously understood. A Redditor with the username DaveJonesBones shared a thread in November in which he said he received a targeted phishing email sent to an address that was only registered on Gemini. The email promoted a Cyberbroker NFT drop using OpenSea branding.
In another Reddit thread from two weeks ago, a user with the username Exit_127 claimed that they received a phishing email from a MetaMask imposter regarding the need to sync their wallet due to the merge. The user claimed that Gemini is compromised and its user data is being used for complex phishing attempts.
No Account Information Or Systems Were Impacted
The hackers gained access to a specific database of the crypto exchange, although it did not contain any personal information such as names, addresses, and other Know Your Customer (KYC) information. Gemini clarified that all funds and customer accounts remain secure.
Gemini does not recommend using an email address as a substitute for secure authentication methods. In addition, the cryptocurrency exchange provided steps on how to reset the email associated with a Gemini account.
It’s not uncommon for crypto companies to be targeted by phishing scams. Thus, Gemini highly recommends that customers use two-factor authentication (2FA) and/or hardware security keys to protect their Gemini accounts. Moreover, Gemini reminded its customers to remain vigilant for phishing warning signs, which is crucial for overall online security.