Crypto exchange Gemini announced this week that customers were being targeted in phishing campaigns after a malicious actor harvested their personal information from a third-party vendor.

The notification comes after several posts on hacker forums seen by BleepingComputer offered to sell a database allegedly from Gemini containing phone numbers and email addresses of 5.7 million users.

Secure funds and account data

The Gemini Product Security Team has released a short to remark that an anonymous third-party vendor suffered an “incident” that allowed an unauthorized actor to harvest incomplete email addresses and phone numbers belonging to certain Gemini customers.

As a result of the breach, customers of the crypto exchange received phishing emails. The attacker’s goal was not disclosed, but this access to accounts and financial information is usually what threat actors seek.

In its brief report, Gemini stresses that account information and its systems were not impacted and that funds and customer accounts “remain secure”.

Hackers Announce Gemini Database

The notification comes after several posts on a hacker forum offered to sell a database allegedly from Gemini containing the phone numbers and email addresses of 5.7 million users.

A first attempt to monetize the database took place in September. The author did not mention the freshness of the information, but asked for 30 bitcoins (about $520,000 at the current exchange rate).

In October, another article was published under another pseudonym claiming that the data was from September.

Yet another post under a different username (now banned on the forum) appeared in mid-November, offering databases from several crypto exchanges, including one from Gemini that allegedly had the same type of information. for 5.7 million users.

It seems that none of the attempts to monetize the database worked, as another ad appeared on another forum offering the information for free.

The author of the post shared the format of the phone numbers, noting that the middle three digits are missing.

Gemini advises its customers to rely on strong authentication methods and recommends enable two-factor authentication (2FA) and/or protection use of hardware security keys to access their accounts.

The company also provides the necessary steps to change the email address associated with the Gemini account.