Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
This week, the Gemini cryptocurrency exchange disclosed that after a threat actor obtained the clients’ data from a third-party vendor, they became the victim of phishing attacks.
BleepingComputer identified multiple posts on hacker forums offering to sell a database allegedly from Gemini containing email addresses, phone numbers, and other personal data of 5.7 million users.
Systems and Customers Accounts “Remain Secure”
Gemini posted a short notice on their website announcing that an unnamed third-party vendor suffered an “incident” allowing threat actors to collect personal data belonging to Gemini customers.
The cryptocurrency exchange platform’s customers got phishing emails because of the incident. Although the attacker’s intentions are unknown, threat actors frequently want access to accounts and financial data. Gemini underlined in its report that account information and its systems have not been impacted following the breach and that funds and customer accounts remain secure.
Database Up for Sale on Hackers Forums
As reported by BleepingComputer, the alert was sent out following several posts on a hacker site offering to sell a database that purportedly belonged to Gemini and contained the contact information for 5.7 million members.
The first attempt to monetize the database was in September when a threat actor asked for 30 bitcoins (approximately $520,000 at the current exchange rate).
Another post was released in October using a new account and claimed that the information was from September.
Midway through November, another post under a different account (since banned on the forum) offered databases from various cryptocurrency exchanges, including one from Gemini that purportedly had the same information for 5.7 million members. It appears that none of the attempts to monetize the database was successful.
Post Leaking a Gemini Database with 5.7 million entries (Source)
Gemini recommends its customers to activate two-factor authentication (2FA) protection, or use hardware security keys to access their accounts to keep them more secure from other potential attacks.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
