A data breach occurred at the cryptocurrency exchange Gemini, resulting in the leak of 5.7 million emails. While Gemini stated that “some Gemini customers have recently been the target of phishing campaigns,” the exchange stated that “no Gemini account information or systems have been impacted.”
The Gemini product security team issued a brief notice stating that an unnamed third-party vendor experienced a “incident” that allowed an unauthorised actor to collect email addresses and incomplete phone numbers from some Gemini customers.
Customers of the cryptocurrency exchange received phishing emails as a result of the breach. The attacker’s goal has not been revealed, but such access to accounts and financial information is typically what threat actors seek. The hackers advertised the Gemini database, but Gemini claims the hackers did not have access to the full phone numbers because some were obfuscated.
The sources for this piece include an article in BleepingComputer.