Gemini said that a "third-party" event resulted in the disclosure of users' emails and partial phone numbers.
The "Incident"
On or before December 13, there seems to have been a data breach at a third-party vendor connected to Gemini. According to papers retrieved, hackers were able to access 5,701,649 lines of data containing the email addresses and partial phone numbers of Gemini clients (1). Since some of the numeric digits in the later example were obscured, it appears that hackers were unable to get the whole phone numbers. due to the information disclosure.
Gemini's response
Names, addresses, and other sensitive personal data, such as Know Your Customer, were not contained in the released database. The number of clients affected (2) is probably less than the total number of rows of data because some emails were duplicated in the document. There are presently 13 million users of Gemini. Gemini has made the following comment on the incident:
We think that an issue caused recent phishing operations that targeted some Gemini customers at a third-party provider. Due to this issue, Gemini customers' email addresses and partial phone numbers were gathered. Due to this third-party issue, no Gemini client data or systems were affected, and all cash and customer Accounts are still safe.
Even minor security vulnerabilities in the Web3 sector might have major repercussions. One such event involves Trezor, a maker of bitcoin hardware wallets, and happened in April of this year. By hacking a third-party newsletter provider, hackers were able to get the email addresses of TREZOR users. They then used this information to target customers in phishing scams, which resulted in losses. Once concerns over the data leak were revealed, the Gemini exchange also momentarily went offline. At the time of publishing, the exchange was fully operational.
