Incident Details
CoinGecko, a top cryptocurrency data aggregator, faced a breach on June 5, 2024 via the GetResponse email platform. Learn how it happened and what its repercussions were.
Incident
How Did the Breach Happen?
An attacker compromised a GetResponse employee's account and exported 1,916,596 contacts from CoinGecko's GetResponse account.
What Data Has Been Compromised?
Personal information such as users' names, email addresses, IP addresses, location of email opens, and account metadata was exposed.
Why Did the Company's Security Measures Fail?
The breach occurred due to a compromised third-party employee account, highlighting the risk in vendor security.
What Immediate Impact Did the Breach Have on the Company?
CoinGecko promptly blocked further email delivery and confirmed that no passwords were compromised.
How Could This Have Been Prevented?
Enhanced monitoring of third-party access and stricter data export controls could have prevented this breach.
What Have We Learned from This Data Breach?
The incident underscores the importance of robust vendor security protocols and continuous monitoring for unusual activities.
Summary of Coverage
CoinGecko suffered a data breach through a compromised GetResponse account, leading to the exposure of significant user data.