The Gemini cryptocurrency exchange’s third-party vendor has reportedly endured a data breach. The incident has led to 5.7 million users’ information getting leaked in what is referred to as a ‘supplier incident.’
The breached data collection of Gemini customers’ email and various (partial) phone numbers led the hacker to access 5,701,649 information lines.
Fortunately the said hacker couldn’t access complete phone numbers since some digits weren’t visible. Gemini has officially addressed the incident via its blog that the said event is indeed the “result of an incident at a third-party vendor.”
The hacked database luckily didn’t provide access to and reveal personally identifiable details, such as names, addresses, and KYC information.
Gemini has made it clear that no account information or systems of the exchange were affected under the breach.
Gemini’s official statement pertaining to the said data breach is as follows:
Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor. This incident led to the collection of Gemini customer email addresses and partial phone numbers. No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.
Lately, the web3 industry has often been targeted by security breaches.
Prior to Gemini, in April 2022, Trezor, a cryptocurrency hardware wallet manufacturer, got hacked. The breach allowed hackers to access email addresses of Trezor users via a third-party newsletter service provider.
The Gemini exchange went offline for a short period on Wednesday. But Gemini exchange is functioning as usual at press time.
Gemini product security team advises users to rely less solely on email addresses, and use two-factor authentication (2FA).