Data stolen from 5.7M Gemini users leaked

BleepingComputer reports that cryptocurrency exchange Gemini had data from 5.7 million users stolen and leaked on hacking forums as a result of a data breach. Threat actors behind the attack were able to exfiltrate Gemini customers' personal information, including phone numbers and email addresses, from an unspecified third-party vendor before targeting customers in phishing attacks, according to Gemini, which emphasized that the intrusion has not impacted customer accounts and funds. Posts advertising the Gemini database on hacker forums began in September, with the stolen data being offered for 30 bitcoins, or nearly $520,000. Data stolen from Gemini was further promoted in hacker forums in October using a different alias. Another post in mid-November offered the same Gemini database with other databases from various cryptocurrency exchanges before a separate announcement in another forum offered the database for free. Gemini clients have been advised to enable two-factor authentication and use hardware security keys to avert malicious attacks.