Hackers leak personal info allegedly stolen from 5.7M Gemini users

by | Dec 16, 2022 | News

million users Gemini personal data leak stolen

Post Views: 215

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 3 Minutes

Multiple posts on hacker forums offered to sell a database allegedly from Gemini containing phone numbers and email addresses of 5.7 million users.

 

 

Gemini crypto exchange announced this week that customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor.

See Also: So you want to be a hacker?
Complete Offensive Security and Ethical Hacking Course

Funds and account data secure

 

The Gemini product security team published a short notice that an unnamed third-party vendor suffered an “incident” that allowed an unauthorized actor to collect email addresses and incomplete phone numbers belonging to some Gemini customers.

As a result of the breach, customers of the crypto exchange received phishing emails. The goal of the attacker has not been disclosed but such access to accounts and financial information is typically what threat actors are after.

In its short report, Gemini underlines that account information and its systems have not been impacted and that funds and customer accounts “remain secure.”

Trending: Exploit XSS Injections in a one-line powerful Technique

Trending: Offensive Security Tool: Pycrypt

Hackers advertise Gemini database

 

The notification comes after multiple posts on a hacker forum offered to sell a database allegedly from Gemini containing phone numbers and email addresses of 5.7 million users.

An early attempt to monetize the database was in September. The author did not mention how fresh the info was but asked for 30 bitcoins (about $520,000 at the current exchange rate).

 

Post offering to sell Gemini database with 5.7 million addresses
Post on hacker forum asking for 30 bitcoins for Gemini database with 5.7 million emails
source: KELA

 

In October, another post was published from a different alias claiming that the data was from September.

Yet another post under a different username (now banned on the forum) appeared in mid-November, offering databases from multiple crypto exchanges, including one from Gemini that supposedly had the same type of information for 5.7 million users.

It appears that none of the attempts to monetize the database worked as yet another announcement appeared on a different forum offering the information for free.

The author of the post shared the format of the phone numbers, specifying that the three digits in the middle are missing.

 

Gemini database with 5.7 million email addresses leaked on hacker forum
Post allegedly leaking Gemini database with 5.7 million emails and partial phone numbers
source: BleepingComputer

 

Gemini advises its customers to rely on strong authentication methods and recommends activating two-factor authentication (2FA) protection and/or the use of hardware security keys to access their accounts.

The company also provides the steps necessary for changing the email address associated with the Gemini account.

Trending: Kali Linux 2022.4 – New Release adds 6 new tools, Kali NetHunter Update, Azure

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This