- CoinGecko users are urged to exercise caution following the discovery of a security breach involving the company’s third-party email platform.
- The incident resulted in unauthorized access to user data, though account security remains uncompromised.
- A total of 1,916,596 contacts were exported by the attacker, with 23,723 of these recipients receiving phishing emails.
Security Breach at CoinGecko: What You Need to Know
On June 5th, CoinGecko identified suspicious activity on its GetResponse email marketing platform, prompting an immediate investigation. The breach was soon confirmed to involve compromised login credentials of a GetResponse employee, granting the attacker access to customer accounts.
Extent of Data Exposure
The breach led to the unauthorized extraction of user data, including names, email addresses, IP addresses, and other metadata such as email open locations and account subscription details. Despite this, CoinGecko has assured users that their accounts have not been compromised, with passwords remaining secure.
Impact on Users and Response Measures
The attacker exported nearly 2 million contacts from CoinGecko’s database and used another GetResponse client’s account to send phishing emails to 23,723 recipients. CoinGecko has rapidly coordinated with GetResponse to halt further email deliveries and mitigate potential damage. However, users are advised to remain vigilant, as they may still encounter phishing or spam emails in the aftermath of the breach.
Official Communication and User Warning
CoinGecko has issued a warning to its users, clarifying that any email that claims to come from CoinGecko or GeckoTerminal and offers a token airdrop is fraudulent. The company does not issue any official tokens or coins, and such emails should be disregarded.
Conclusion
This incident underscores the importance of robust security measures, particularly for platforms handling sensitive user data. CoinGecko is actively investigating the breach alongside GetResponse, informing affected users, and reassessing its security protocols to prevent future occurrences. Users are encouraged to remain cautious and report any suspicious emails they receive.