Compromised Data Of 5.7M Gemini Crypto Exchange Users Given Away On Hacking Forums
The third-party vendor that suffered a data breach has yet to be named. Cybercriminals have attempted to sell the database multiple times on hacker forums, but have not provided many details in their posts. The stolen database first appeared for sale back in September, with the seller asking for thirty Bitcoin (~$670K at Bitcoin’s height that month) in exchange for a list of Gemini customers’ emails and partial phone numbers. The database was listed for sale two more times under different usernames, once in October and once in November.
Regardless, the personal information of Gemini’s 5.7 million customers is now publicly available online. According to the Breach Forums post, the stolen database includes customer’s email addresses, partial phone numbers, and partial Social Security numbers. The post states that the database is missing the middle three digits of customers’ Social Security numbers, but doesn’t specify what makes the phone numbers incomplete.
While, Gemini’s blog post doesn’t offer any details about the data breach, it does offer some recommended steps that customers can take to protect their accounts in light of the ongoing phishing campaigns. The first of these recommendations is for customers to change the email addresses associated with their accounts. Since the threat actors conducting phishing campaigns are contacting customers at the email addresses revealed in the data breach, associating different email addresses with Gemini could help users identify phishing attacks. Once a new email address is set, legitimate emails from Gemini should be sent to that address going forward, while the phishing emails will still be sent to the old address.
Threat actors may also attempt to conduct credential stuffing attacks on Gemini customers by cross-referencing their email addresses with other data breaches to source passwords. Gemini accounts “protected” by passwords re-used across multiple accounts could then be breached. Thus, Gemini customers without strong, unique passwords protecting their accounts should change their passwords. and potentially their email addresses as well, to ensure that threat actors can’t obtain their login credentials through prior data breaches. Two-factor authentication (2FA) is an additional recommended security measure that Gemini customers can enable on their accounts to ensure that this data breach doesn’t escalate to unauthorized account access.