
21. 3. 2023
On June 5, 2024, CoinGecko, the world’s largest independent cryptocurrency data aggregator, reported a significant data breach. This breach occurred through a third-party email marketing platform, GetResponse, leading to the compromise of personal information for nearly 2 million users.
Details of the Data Breach
CoinGecko detected unusual activity on its GetResponse account early in the morning of June 5. An attacker had compromised a GetResponse employee’s account, which led to unauthorized access and data export. The breach affected personal information including names, email addresses, IP addresses, and metadata such as account sign-up dates. Fortunately, no passwords were compromised, and CoinGecko user accounts remain secure.
Quick Timeline of the Incident
June 5, 2024, 06:30 AM UTC: Unusual activity detected on CoinGecko’s GetResponse account.
June 6, 2024, 11:58 AM UTC: GetResponse confirms the data breach.
June 6, 2024: CoinGecko begins notifying affected users and working with GetResponse to block further unauthorized email deliveries.
Impact and Response
This breach has highlighted the importance of securing third-party platforms that handle sensitive user information. CoinGecko acted swiftly to address the breach, coordinating with GetResponse to halt further unauthorized activity. Users have been advised to remain vigilant for phishing emails and avoid clicking on links or downloading attachments from unsolicited sources. CoinGecko continues to review and enhance its security protocols to prevent future incidents.
CoinGecko has emphasized that no phishing emails were sent from its domain, but the attacker used the compromised GetResponse account to send phishing emails to a subset of users. The company has assured its users that it is actively investigating the situation and implementing additional security measures.
What Users Can Do
CoinGecko has provided several recommendations for users to protect themselves:
Be cautious of emails from unfamiliar or misleading domains.
Avoid clicking on links or downloading attachments from unsolicited sources.
Be wary of emails claiming to offer token airdrops, as CoinGecko does not have any officially issued coins or tokens.
For further assistance or concerns, CoinGecko has set up a support portal to address user queries related to the breach.