Crypto data aggregator CoinGecko recently experienced a security breach due to a vulnerability in its third-party email marketing service, GetResponse. The breach occurred when an unauthorized person gained access to a GetResponse employee’s account, leading to the extraction of almost 2 million contacts from CoinGecko’s GetResponse profile. Subsequently, the attacker used another client’s GetResponse account to send out 23,723 phishing emails. However, no fraudulent activity originated from CoinGecko’s domain.
CoinGecko has assured its users that their account credentials remain secure, but sensitive information such as user names, email addresses, IP addresses, and locations of email opens has been exposed. The company is taking immediate action by launching an investigation in collaboration with GetResponse to address the breach and notify affected users promptly. Additionally, CoinGecko is reviewing its security measures and will strengthen its protocols in conjunction with its service providers to prevent future breaches.
As a precautionary measure, CoinGecko advises users to be cautious when encountering emails related to airdrops, avoid clicking on links or downloading attachments from unsolicited emails, and follow recommended security practices.