Another Data Breach - CoinGecko - Have You Been Pwned?
Once again, a data breach leads to thousands of users' account data being stolen.
This time, it happened to CoinGecko, not directly but through a third-party software provider named GetResponse.
Security breaches occasionally happen to reputable companies as well, and will continue to happen in the future.
As long as the Internet exists, companies and their users will continue to be affected by security breaches.
But we, Internet users, have the means to minimize the impact, prevent personal details from being stolen, and avoid falling for the phishing scams that often follow data leaks.
CoinGecko's Notice to Its Users
A summary:
CoinGecko experienced a data breach on June 5, 2024, via its email platform, GetResponse.
An attacker compromised a GetResponse employee's account, exporting 1,916,596 contacts and sending phishing emails to 23,723 addresses.
Compromised data included names, email addresses, IP addresses, and other metadata, but user accounts and passwords remain secure.
Read the Full CoinGecko Notice Here
GetResponse Disclosure of What Happened
A summary:
On June 5th, GetResponse identified unauthorized access to an internal tool due to a sophisticated attack exploiting third-party software vulnerabilities.
Fewer than 10 customer accounts were affected. Immediate actions included notifying impacted customers, securing infrastructure, informing institutions, enhancing internal security, auditing third-party apps, and blocking malicious content.
GetResponse is committed to supporting affected customers and preventing future incidents. They emphasize transparency and security, ensuring continuous updates and improvements.
Read the Full GetResponse Notice Here
CoinGecko User - Have You Been Pwned?
If you have a CoinGecko account, you may want to know if your email address has been leaked.
You can use an online tool like Have I Been Pwned?:
Alternatively, you can also use your email provider's security features:
What Can You Do to Minimize the Impact of a Data Breach
In the CoinGecko Data Breach, the following user information has been disclosed:
- Name
- Email Address
- IP address
The user names and addresses will probably be used to send phishing emails impersonating CoinGecko, asking the victim to click on a phishing link and provide cryptocurrency wallet details.
Worse, once sensitive details are disclosed, they will be sold and resold on the dark web and used again and again in phishing attacks.
Two good practices when it comes to creating online accounts are:
- Do not provide personal information like name, surname, address, date of birth, etc.
- Use disposable email addresses. Never use one of your primary email addresses, meaning those used to log into your most valuable accounts, such as your Microsoft or Google accounts.
Use an Email Address Without Personally Identifiable Information in It
Avoid using email addresses with personal identifiers like your name, surname, or year of birth, such as name_surname@google.abc, because such an address provides far too much personal information that can be used to create a sophisticated phishing attack or even to try to breach your email account password.
Use email aliases
An email alias is an additional email address that forwards emails to your primary email account.
It is not a separate email account but a different address redirecting messages to your main inbox.
Email aliases are often used to organize incoming emails, maintain privacy, or reduce spam.
Some email service providers offer free aliases, while others require a paid account:
How to create Gmail aliases
How to create Outlook aliases
How to create Protonmail aliases (requires paid plan)
How Email Aliases Work
If an alias used for a specific purpose is exposed in a data breach, your primary email address remains protected. You can disable or delete the compromised alias and create a new one without changing your email address.
- Primary Email Account: Your main email address where you receive and manage all your emails.
- Alias Creation: An alias is created through your email provider's settings. It can be a variation of your main email address or a completely different address.
- Forwarding: Emails sent to the alias address are automatically forwarded to your primary email account.
If an alias starts receiving spam, you can easily delete it and create a new one without affecting your primary email account.
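The alias workflow described above can be tracked with a small registry. The following is an added example, not code from the original article: it hands each service its own random alias (no name, surname or birth year in it), classifies incoming mail by whether the sender matches the service that alias was given to, and retires a leaked alias. The forwarding domain `alias.example`, the service name and the sample messages are constructed assumptions.

```python
import secrets
from email import message_from_string
from email.utils import parseaddr

ALIAS_DOMAIN = "alias.example"  # assumption: forwarding domain offered by your provider


class AliasRegistry:
    """Records which service each alias was given to, so leaks can be attributed."""

    def __init__(self):
        self.aliases = {}  # alias -> {"service", "domains", "active"}

    def create(self, service, sender_domains):
        # Random local part: no name, surname or birth year, and no hint of the service.
        alias = f"{secrets.token_hex(5)}@{ALIAS_DOMAIN}"
        self.aliases[alias] = {"service": service,
                               "domains": {d.lower() for d in sender_domains},
                               "active": True}
        return alias

    def retire(self, alias):
        # Disable a compromised alias; the primary inbox address is unchanged.
        self.aliases[alias]["active"] = False

    def classify(self, raw_message):
        msg = message_from_string(raw_message)
        to_addr = parseaddr(msg.get("To", ""))[1].lower()
        sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        entry = self.aliases.get(to_addr)
        if entry is None:
            return ("unknown-alias", None)
        if not entry["active"]:
            return ("retired-alias", entry["service"])
        if any(sender == d or sender.endswith("." + d) for d in entry["domains"]):
            # From headers can be forged: a match is not proof the mail is genuine.
            return ("sender-matches", entry["service"])
        # Someone other than the service knows this alias: treat it as leaked.
        return ("alias-leaked", entry["service"])


def demo():
    reg = AliasRegistry()
    alias = reg.create("crypto-tracker", ["tracker.example"])  # constructed service
    genuine = f"From: News <news@mail.tracker.example>\nTo: {alias}\nSubject: Weekly\n\nHi"
    phish = f"From: Support <help@airdrop-claims.example>\nTo: {alias}\nSubject: Claim\n\nHi"
    before = [reg.classify(genuine), reg.classify(phish)]
    reg.retire(alias)
    return before, reg.classify(phish)
```

Because each alias is given to exactly one service, mail arriving on it from any other sender shows which service's contact list was exposed.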
Protect Your Crypto Assets From Phishing Attacks
You want to learn about phishing attacks, understand them, and protect your valuable accounts from malicious attacks.
There is no need to spend tens of hours researching phishing attacks and how they operate.
Please consider reading our articles or subscribing to our blog to receive short but informative articles about protecting your digital and crypto assets from hacks, scams, and accidents.
Some of our previous articles about phishing attacks and how to prevent them:
Two More Twitter (X) Accounts Hacked - Secure Your Accounts Now!
How To Recognize Ledger Scams - Three Phishing Attempts Explored
How To Identify Phishing Websites - 3 Free Tools
Be Careful! A Surprisingly Simple Way To Bypass 2FA
Stay vigilant, stay safe,
Crypto Safety First