Crypto data company CoinGecko encountered a security breach on June 5, stemming from a vulnerability in its third-party email marketing service, GetResponse.
The breach occurred when an unauthorized individual gained access to a GetResponse employee’s account, leading to the extraction of nearly 2 million contacts from CoinGecko’s GetResponse profile. Subsequently, the perpetrator exploited another client’s GetResponse account to distribute 23,723 phishing emails. However, no fraudulent activity originated from CoinGecko’s domain.
While CoinGecko assured users that their account credentials remained secure, the breach resulted in the exposure of sensitive data, including user names, email addresses, IP addresses, and locations of email opens.
In response, CoinGecko launched an investigation in collaboration with GetResponse to address the breach and inform affected users promptly. Additionally, the company is reviewing its security measures and plans to bolster its protocols in coordination with its service providers to prevent future breaches.
As a precaution, CoinGecko advises users to exercise caution when encountering emails related to airdrops, refrain from clicking on links or downloading attachments from unsolicited emails, and adhere to recommended security practices.