Gemini

Gemini cryptocurrency exchange has issued a warning about phishing operations that are aimed at its users after a threat actor used a third-party vendor hack to get their data. The business emphasised that none of its systems were affected.

The initial revelation on the story came from Bleeping Computer, which saw various offers on hacking forums for a database that purportedly contained the names, addresses, and phone numbers of 5.7 million Gemini subscribers.

The company's advisory also offers security best practises to lessen exposure to phishing attempts.

It is advised for users to use hardware security keys in conjunction with two-factor authentication (2FA) protection to access their accounts.

Source: https://securityaffairs.com/139742/data-breach/5-7m-gemini-users-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/geminitrust

"id": "gem1944151023",
"linkid": "geminitrust",
"type": "Breach",
"date": "12/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '5.7 million',
                        'industry': 'Financial Services',
                        'name': 'Gemini',
                        'type': 'Cryptocurrency Exchange'}],
 'attack_vector': 'Third-party vendor hack',
 'customer_advisories': 'Public advisory and security best practices',
 'data_breach': {'number_of_records_exposed': '5.7 million',
                 'personally_identifiable_information': True,
                 'type_of_data_compromised': ['names',
                                              'addresses',
                                              'phone numbers']},
 'description': 'Gemini cryptocurrency exchange has issued a warning about '
                'phishing operations targeting its users after a threat actor '
                'used a third-party vendor hack to obtain their data.',
 'impact': {'data_compromised': ['names', 'addresses', 'phone numbers']},
 'motivation': 'Phishing',
 'recommendations': ['Use hardware security keys',
                     'Enable two-factor authentication (2FA)'],
 'references': [{'source': 'Bleeping Computer'}],
 'response': {'communication_strategy': 'Public advisory and security best '
                                        'practices'},
 'title': 'Gemini Cryptocurrency Exchange Phishing Incident',
 'type': 'Phishing',
 'vulnerability_exploited': 'Data breach via third-party vendor'}

Gemini

Ingram Micro Holding Corporation

Louis Vuitton

WideOpenWest (WOW!)