ShellCodeX Breach Report
Gemini Data Breach
gemini.com
Verified breach
Accounts exposed
5,274,214
Breach date
13 Dec 2022
Added to tracker
16 Dec 2022
Data classes
2
What happened
In late 2022, a hacker posted a data set to a public hacking forum which they alleged was sourced from the Gemini crypto exchange, a claim that was later proven to be false as the data was traced back to an incident at a third-party vendor. The source of the breach was later established as being Twilio, who processed the data of some Gemini customers using their Authy service for 2FA. Twilio described the incident as stemming from a sophisticated social engineering attack designed to steal employee credentials.
Exposed data
Email addresses
Partial phone numbers
Recommended actions
- Watch for targeted phishing emails referencing Gemini โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP