A recent report claimed that the cryptocurrency exchange Gemini experienced a data breach that resulted in the leak of 5.7 million emails. The exchange insisted that “no Gemini account information or systems were impacted,” despite Gemini’s claim that “some Gemini customers have recently been the target of phishing campaigns.”
5.7 Million Accounts Affected by “Third Party” Associated Customer Data Leak at Gemini, Report Claims
The cryptocurrency news website Cointelegraph reported that a data breach resulted in the leak of “5,701,649 lines of information pertaining to Gemini customers” on December 14, 2022. According to a report by Zhiyuan Sun, the publication reviewed documents that revealed “Gemini customers’ email addresses and partial phone numbers” were included in the leak.
The breach was mentioned as being caused by a third party in a blog post about phishing incidents that Gemini published on the same day. According to a blog post by the trading platform, “Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor.” “This incident resulted in the collection of partial phone numbers and email addresses from Gemini customers.”
The following is added by Gemini:
This third-party incident had no impact on any Gemini account information or systems, and all funds and customer accounts are still secure.
Gemini is not the first cryptocurrency company to experience a data leak; in 2020, the maker of hardware wallets Ledger experienced problems with a customer data leak. The Indian cryptocurrency exchange Buyucoin was reportedly breached last year, and private information associated with 325,000 users is said to have been exposed. Prior to declaring bankruptcy, Celsius explained in July that customer data had been compromised. A month earlier, Opensea claimed to have experienced a data breach as well.
The security of customer funds and related accounts is described as the exchange’s “top priority” in the Gemini blog post. The company does not advise users to rely on “the secrecy of an email address as a substitute for strong authentication methods,” according to the Gemini statement. The business also provides detailed instructions on how to reset an email linked to a particular Gemini account.