What company experienced a data breach involving its third-party email management platform?

CoinGecko, a cryptocurrency data aggregator, experienced a data breach involving its third-party email management platform, GetResponse.

When was the data breach at CoinGecko reported?

The data breach was reported on June 5, 2024.

What information was exposed in the CoinGecko data breach?

The exposed data includes names, email addresses, IP addresses, locations of email opens, and metadata such as sign-up dates and subscription plans.

How many CoinGecko users were affected by the data breach?

The contact information of 1,916,596 CoinGecko users was exposed.

What did the attackers do with the compromised account?

The attackers leveraged the compromised account to send phishing emails to addresses from another GetResponse client’s account, aiming to steal sensitive information such as crypto wallet private keys through address poisoning scams.

Are CoinGecko user accounts and passwords secure following the breach?

CoinGecko claims that user accounts and passwords on the platform remain secure.

What steps has CoinGecko taken following the data breach?

CoinGecko has actively engaged with GetResponse to investigate the breach, notified affected users, and is reviewing its security procedures to prevent future incidents.

What advice does CoinGecko give to users to mitigate risks?

CoinGecko advises users to verify the authenticity of emails, enable two-factor authentication (2FA) on crypto platforms, avoid clicking on links or downloading attachments from unsolicited emails, and be cautious of emails offering token airdrops.

Incident

CoinGecko reports data breach caused by third party email provider, exposed 23k people

published: June 7, 2024

Learn More

CoinGecko, a cryptocurrency data aggregator, has reported a data breach impacting its third-party email management platform, GetResponse. The incident was disclosed following reports of new crypto airdrop scams.

On June 5, 2024, attackers compromised a GetResponse employee's account, allowing them to export the contact information of 1,916,596 CoinGecko users. The exposed data includes:

Names
Email addresses
IP addresses
Locations of email opens
Metadata such as sign-up dates and subscription plans

The attacker leveraged the compromised account to send phishing emails, totaling 23,723, to addresses from another GetResponse client’s account. The phishing emails aimed to steal sensitive information such as crypto wallet private keys through address poisoning scams.

CoinGecko claims that the user accounts and passwords on the platform remain secure.

CoinGecko has actively engaged with GetResponse to investigate the breach. Affected users have been notified, and the company is reviewing its security procedures to prevent future incidents.

To mitigate risks, CoinGecko advises users to:

Verify the authenticity of emails
Enable two-factor authentication (2FA) on crypto platforms
Avoid clicking on links or downloading attachments from unsolicited emails
Be cautious of emails offering token airdrops

CoinGecko reports data breach caused by third party email provider, exposed 23k people

Read More
Cloud Misconfiguration exposes 273,000 records of Indian bank …
Hillsborough County reports MOVEit related data breach, exposes …
SatoshiLabs Trezor Twitter account hacked due to phishing
Wilton Reassurance reports MOVEit related Data Breach
IMF Investigates cybersecurity breach email accounts