CoinGecko confirms Data Breach from Email Provider with 1,916,596 Contacts Stolen
On June 5, 2024, CoinGecko, the largest independent cryptocurrency data aggregator in the world, discovered a data breach via GetResponse, a third-party email marketing platform.
🚨 Important Security Notice: On 5 June, 2024, we experienced a data breach via our third-party email platform, GetResponse.
Affected users have been notified directly by email. Your security is our top priority and we are taking immediate steps to address this issue.
For more… pic.twitter.com/SBOaX6F6r1 — CoinGecko (@coingecko) June 7, 2024
We received now 2 independent confirmations that a prominent vendor used by crypto companies to manage mailing lists might have been compromised.
Not making names yet until investigation is completed, but please beware of any emails suggesting crypto-airdrops received since 24h… — Paolo Ardoino 🤖🍐 (@paoloardoino) June 5, 2024
CoinGecko has now released an official security notice on the incident. The company stated that, because it places the highest priority on the security and privacy of its users, it is dedicated to giving them an open and honest explanation of what transpired, the actions it has taken, and the precautions they can take to stay safe.
"At approximately 06:30 AM UTC on June 5, 2024, we detected unusual activity on GetResponse, our third-party email marketing platform. An employee of GetResponse had their account compromised by an attacker, which resulted in a breach. On June 6, 2024, at 11:58 AM UTC, we were notified by the GetResponse team that there had been a data breach," the statement added.
Even though CoinGecko's domain did not send any phishing emails, the attacker exported 1,916,596 contacts from CoinGecko's GetResponse account and used that account to send phishing emails to 23,723 email addresses (alj.associates). Our employee reported this activity, and we quickly blocked further email delivery by working with GetResponse.
After the incident, CoinGecko reassured users that no passwords were compromised and that accounts remain secure. However, personal information was exposed: the user's name (if provided during registration), IP address, and email address, as well as the subscription plan and account sign-up date.
CoinGecko further stated that it has informed affected users of the data breach by email and is actively investigating the situation with GetResponse. In addition, the company is carefully examining its security protocols and will work with vendors to enhance them.
CoinGecko advised users to be security conscious when opening their emails, as it is not the only cryptocurrency company affected by the organized data breach attack. Emails claiming to be from CoinGecko or GeckoTerminal and offering token airdrops are unauthorized emails sent by the attacker, as the company does not have any officially issued tokens or coins.
In a June 5 X post, Paolo Ardoino, the CEO of Tether, warned his 234,000 followers that a well-known email service provider that is often used by cryptocurrency companies may have been compromised in a data breach.
This was further confirmed by CoinGecko's co-founder and chief operating officer, Bobby Ong, who tweeted on the X social media platform to alert users that CoinGecko might be impacted.
Disclaimer: This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.