On or before December 13, there seems to have been a data breach at a third-party vendor connected to Gemini. Hackers had access to 5,701,649 lines of data, including account numbers, email addresses, and partial phone numbers for Gemini clients.
Since some of the numeric digits were obfuscated, hackers could not get the whole phone numbers. Gemini emphasized in a blog post following the revelation that the breach looked to be the “result of an incident at a third-party vendor,” but it also issued a warning about ongoing “phishing campaigns” as a result of the data leak.
Names, addresses, and other sensitive personal data, such as Know Your Customer, were not included in the released database. The number of clients affected is probably less than the total number of rows of data because some emails were duplicated in the document. There are currently 13 million users of Gemini. Gemini has made the following comment on the incident:
“Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor. This incident led to the collection of Gemini customer email addresses and partial phone numbers. No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.”
Even minor security vulnerabilities in the Web3 sector might have major repercussions. One such event involves Trezor, a maker of cryptocurrency hardware wallets, and happened in April of this year. By hacking a third-party newsletter provider, hackers were able to get the email addresses of Trezor users. They then used this information to target customers in phishing scams, which resulted in losses.
In the course of the day, once concerns over the data leak were revealed, the Gemini exchange also temporarily went offline. At the time of writing, the exchange is fully operational.