One of the many cryptocurrency exchanges just got hacked.
Crypto exchange Gemini recently announced that a hacker stole millions of customers' personal info from a third-party vendor, targeting many of them with phishing campaigns.
The hacker that stole the personal information is now allegedly putting them up for sale on multiple hacker forums; it is unknown if it is still being sold as of press time.
Gemini Security Breach Details
Gemini stated in its blog post that some of its customers have recently become the target of phishing campaigns that possibly was the result of a hacking incident at a third-party vendor.
The hacker managed to steal the personal info, including their email addresses and partial phone numbers, of 5.7 million Gemini customers, though the company assures that no account information or systems were compromised due to the hacking incident.
As such, customers' funds and accounts remain secure, and their security is the company's top priority.
However, since the hacker managed to steal customers' emails and partial phone numbers, they can now send fake emails to affected customers. To do so, the hacker went on the previously mentioned phishing campaign, probably in an attempt to trick them into providing their account and financial information, which they are usually after.
The hacker also tried to sell the personal info they stole in September for 30 bitcoins, or about $520,000 at the current exchange rate, per Bleeping Computer.
Read More: Moderna-Merck's Experimental mRNA Cancer Vaccine Trial Show Promising Results
However, they were unsuccessful in doing so, which led them to try again in October. That, too, as well as their succeeding attempts, were unsuccessful in getting a buyer.
Finally, the hacker switched to a different hacking forum and offered the info for free.
How To Protect Against Phishing Campaigns
Gemini advises affected customers to rely on strong authentication methods, along with activating additional security features to better prevent hackers from exploiting the information they stole.
The company first recommends resetting the email associated with their Gemini account and enabling two-factor authentication, as well as setting up a hardware security key to access their accounts.
Here are the steps Gemini provided to reset a Gemini account's email:
- Login to your account through a web browser and go to "https://exchange.gemini.com/settings/security"
- Click "Security Options" on the right-hand corner, which opens a drop-down menu
- Select "Change Email" from the menu
- enter the new email and current Gemini account password to change your email address
People who wish to use two-factor authentication on their Gemini account should go to the Authy Creation page to install the Authy app.
Once installed, the app will prompt them to enter their phone number, preferably the same one registered with their Gemini account.
When that's done, an SMS text message will a code will enter into the Authy app, and the Gemini token should reappear after some time.
Should they not receive a text message, or when their token does not reappear, resetting their account at the Authy Reset page could help.
Related Article: New Azov Ransomware Can Wipe Your Data Clean - Here's What We Know
