A third-part vendor related to Gemini appeared to have suffered a data breach on or before Dec. 13. According to documents, hackers gained access to 5,701,649 lines of information pertaining to Gemini customers’ email addresses and partial phone numbers. In the case of the latter, hackers apparently did not gain access to the full phone numbers, as certain numeric digits were obfuscated. After the news came to light, Gemini has since clarified in a blog post that the breach appeared to be "result of an incident at a third-party vendor" but also warned of ongoing "phishing campaigns" as a result of the data leak.
The leaked database did not include sensitive personal information such as names, addresses and other Know Your Customer information. In addition, some emails were repeated in the document; thus, the number of customers affected is likely lower than the total rows of information. Gemini currently has 13 million active users. Regarding the incident, Gemini has issued the following statement:
"Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor. This incident led to the collection of Gemini customer email addresses and partial phone numbers. No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure."
Security breaches in the Web3 industry, even if mild in nature, can have serious consequences. One such incident took place in April this year and involved cryptocurrency hardware wallet manufacturer Trezor. Hackers gained access to Trezor users’ email addresses by breaching a third-party newsletter provider and then utilized the information to target users in a phishing scam, leading to losses.