ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Gemini Data Breach

gemini.com
Significant exposure
Verified breach
Accounts exposed 5,274,214
Breach date 13 Dec 2022
Added to tracker 16 Dec 2022
Data classes 2

What happened

In late 2022, a hacker posted a data set to a public hacking forum which they alleged was sourced from the Gemini crypto exchange, a claim that was later proven to be false as the data was traced back to an incident at a third-party vendor. The source of the breach was later established as being Twilio, who processed the data of some Gemini customers using their Authy service for 2FA. Twilio described the incident as stemming from a sophisticated social engineering attack designed to steal employee credentials.

Exposed data

Email addresses Partial phone numbers

Recommended actions

  • Watch for targeted phishing emails referencing Gemini โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP