Important Security Notice: Data Breach Incident on June 5, 2024 | CoinGecko
Important Security Notice: Data Breach Incident on June 5, 2024 | CoinGecko
4.3
| by
CoinGecko
-
Updated June 08 2024
CoinGecko, the world’s largest independent cryptocurrency data aggregator, experienced a data breach on June 5, 2024, through its third-party email platform, GetResponse. As our users' privacy and security are of utmost importance to us, we are committed to providing you with a transparent account of what happened, the steps we have taken, and what you can do to protect yourself.
How did the data breach happen?
On June 5, 2024, around 06:30 AM UTC, we detected unusual activity on our third-party email marketing platform, GetResponse. An attacker had compromised a GetResponse employee’s account, leading to a breach. We received confirmation from the GetResponse team on 6 June, 2024, at 11:58 AM UTC, that a data breach had occurred.
While no phishing emails were sent from CoinGecko’s domain, the attacker exported 1,916,596 contacts from CoinGecko's GetResponse account and sent phishing emails to 23,723 emails from another GetResponse client’s account (alj.associates). This activity was flagged by one of our employees, and we worked with GetResponse to promptly block further email delivery.
Join eToro-offering crypto trading since 2013
Buy, sell cryptoassets with a pioneering, established broker, trusted by millions worldwide. Don’t invest unless you’re prepared to lose all the money you invest.
Sponsored
What data was compromised?
Personal information that was unfortunately compromised in this incident included users’ name (if provided during sign-up), email address, IP address and location of email opens as well as other metadata, such as account sign-up date and subscription plan.
CoinGecko user accounts remain secure, and no passwords were compromised.
How do I know if I was affected?
We have directly notified users affected by the data breach, through email.
Our response and next steps
We are actively investigating this situation with GetResponse and informing all affected users. Additionally, we are thoroughly reviewing our security procedures and will look to enhance our security protocols in collaboration with our vendors.
What can you do to protect yourself?
Please stay vigilant and exercise caution when opening any emails, as there could be an increase in phishing or spam emails. CoinGecko is not the only crypto company impacted in this organized, targeted attack. To protect yourself:
Be cautious of emails from unfamiliar or misleading domains.
Avoid clicking on links or downloading attachments from unsolicited sources.
Be wary of emails that claim to offer token airdrops.
Any email claiming to offer token airdrops by CoinGecko or GeckoTerminal are unauthorized emails sent by the attacker. We do NOT have any officially issued coins or tokens.
For further assistance or concerns, please reach out to us via our support portal: https://support.coingecko.com/hc/en-us/requests/new.
We sincerely apologize for the inconvenience caused, and appreciate your understanding and patience as we navigate through this.
Sincerely,
The CoinGecko team
4.3
| by
CoinGecko
-
Updated June 08 2024
CoinGecko, the world’s largest independent cryptocurrency data aggregator, experienced a data breach on June 5, 2024, through its third-party email platform, GetResponse. As our users' privacy and security are of utmost importance to us, we are committed to providing you with a transparent account of what happened, the steps we have taken, and what you can do to protect yourself.
How did the data breach happen?
On June 5, 2024, around 06:30 AM UTC, we detected unusual activity on our third-party email marketing platform, GetResponse. An attacker had compromised a GetResponse employee’s account, leading to a breach. We received confirmation from the GetResponse team on 6 June, 2024, at 11:58 AM UTC, that a data breach had occurred.
While no phishing emails were sent from CoinGecko’s domain, the attacker exported 1,916,596 contacts from CoinGecko's GetResponse account and sent phishing emails to 23,723 emails from another GetResponse client’s account (alj.associates). This activity was flagged by one of our employees, and we worked with GetResponse to promptly block further email delivery.
Join eToro-offering crypto trading since 2013
Buy, sell cryptoassets with a pioneering, established broker, trusted by millions worldwide. Don’t invest unless you’re prepared to lose all the money you invest.
Sponsored
What data was compromised?
Personal information that was unfortunately compromised in this incident included users’ name (if provided during sign-up), email address, IP address and location of email opens as well as other metadata, such as account sign-up date and subscription plan.
CoinGecko user accounts remain secure, and no passwords were compromised.
How do I know if I was affected?
We have directly notified users affected by the data breach, through email.
Our response and next steps
We are actively investigating this situation with GetResponse and informing all affected users. Additionally, we are thoroughly reviewing our security procedures and will look to enhance our security protocols in collaboration with our vendors.
What can you do to protect yourself?
Please stay vigilant and exercise caution when opening any emails, as there could be an increase in phishing or spam emails. CoinGecko is not the only crypto company impacted in this organized, targeted attack. To protect yourself:
Be cautious of emails from unfamiliar or misleading domains.
Avoid clicking on links or downloading attachments from unsolicited sources.
Be wary of emails that claim to offer token airdrops.
Any email claiming to offer token airdrops by CoinGecko or GeckoTerminal are unauthorized emails sent by the attacker. We do NOT have any officially issued coins or tokens.
For further assistance or concerns, please reach out to us via our support portal: https://support.coingecko.com/hc/en-us/requests/new.
We sincerely apologize for the inconvenience caused, and appreciate your understanding and patience as we navigate through this.
Sincerely,
The CoinGecko team