GetBlock Magazine - What happened? The team of the leading cryptocurrency market data aggregator CoinGecko reported a leak of user data, which was caused by a hack of the third-party email platform GetResponse. An attacker hacked into the account of one of the GetResponse employees and thus gained access to information.
What else is known? The leak was discovered on June 5 and confirmed by GetResponse on June 6. The hacker exported 1,916,596 contacts from the CoinGecko account on the GetResponse platform and sent phishing emails to 23,723 addresses.
As a result of the incident, personal information was compromised, including username, email address, IP address and email login location, as well as other metadata, including account registration date and subscription plan for paid services.
At the same time, CoinGecko assured that the accounts on the aggregator’s platform remain secure, since the hacker did not gain access to the passwords. The team directly notified users affected by the leak via email.
CoinGecko apologized for the incident and urged caution when opening emails due to the risk of a phishing attack. Any airdrop eligibility notification from CoinGecko or GeckoTerminal is a scam as the platform has not officially issued any tokens.
“We are thoroughly reviewing our security procedures and will strive to improve our security protocols in collaboration with our suppliers,” the company concluded.
In 2022, a malicious pop-up window appeared on CoinGecko and other cryptocurrency portals asking to connect a crypto wallet, which also led to a phishing site to steal assets.
