While reports revealed that the Gemini leak was about “5,701,649 lines of Gemini customer information,” Gemini did not disclose how many customers were affected by the breach. Additionally, according to Bleeping Computer cybersecurity writer Ionut Ilascu, data from the Gemini customer information leak was made available for sale on hacker forums as early as September 2022.
Gemini customer data leak discovered on several hacker forums
Three days ago, Bitcoin.com News reported on cryptocurrency exchange Gemini after a leaked database containing the phone numbers and email addresses of 5.7 million Gemini users was discovered. The cryptocurrency reporter, Zhiyuan Sun, explained that he witnessed documents showing “5,701,649 lines of Gemini customer information.”
On December 14, 2022, in a blog post, Gemini explained that the breach likely came from a third-party vendor. The exchange did not explain how many customer accounts were affected, and it did not specify which third-party vendor was responsible for the data breach. The next day, after Gemini’s blog post was published, Bleeping Computer cybersecurity writer Ionut Ilascu published an article explaining that Gemini’s leaked database had been for sale since September 2022.
Ilascu claims that there were “several posts on a hacker forum” that showed the leak was for sale, including one discovered by cybercrime intelligence platform Kela. One user attempted to sell the leak for 30 BTC, or about $500,000 at the current bitcoin exchange rate. Ilascu also revealed that the data leak appeared on hacker forums in October 2022, when the seller used “another alias.”
Another person shared the information in mid-November on a hacker site, and this particular post stated that the leak contained not only Gemini data, but that other exchanges were included as well. The post on Breachforums also offered the database for free before the account was banned from the forum. The now-banned user also told forum users that three digits of customer phone numbers were missing from the database leak.