Gemini

What Happened

In late 2022, data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to an incident at a third-party vendor. The source of the breach was later established as being Twilio who described the incident as stemming from "a sophisticated social engineering attack designed to steal employee credentials". The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".

Compromised Data

Email addresses
Partial phone numbers

Recommended Actions

Monitor for Suspicious Activity

Watch for unusual login attempts, spam and phishing emails.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password

Breach Overview

  • Affected Accounts:

    5.3 million

  • Breach Occurred:

    December 2022

  • Added to HIBP:

    16 Dec 2022

Recommended Actions

Change Your Password

If you haven't changed your Gemini password since 2022, do so immediately.

Enable Two-Factor Authentication

Add an extra layer of security to your account.

Check Other Accounts

If you used the same password elsewhere, change those too.

Monitor for Suspicious Activity

Watch for unusual login attempts or messages from your account.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password