Coingecko suffer data breach | Bitcointalksearch.org

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: shield132 on June 16, 2024, 01:34:13 PM

I think that you should always be careful with your email, even if it's fresh and no one has hacked because there are many people who scan email addresses and send many kind of phishing links.

Yeah, you have to use your email address either in websites that you don't trust or in services that suffer data breaches, in order for you to be attacked by a phishing emails, my point is that your email address must first fall into the hands of bad actors for you to be attacked. Needless to say that it is great to have many email addresses, so you use some of them in websites that you do not trust, and then others for websites or services that you trust.

If you do things as i have said above, you'll know the mails to completely ignore and ther ones you should consider opening. Lastly, many phishing links redirects you to a page were you are asked to input your seed phrase, so you will be safe if you never input your seed phrase anywhere, except when importing it into another device.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: PX-Z on June 07, 2024, 12:18:10 PM

I wonder why attackers chose to attack coingecko. There's nothing that can be get there aside from usernames (login info) and few user emails.

If you have an account on CoinGecko, you are probably following one or more crypto projects listed there. Scammers will assume that you have various hardware/software wallets and exchanges. Using the leaked e-mail database, they will start sending out phishing e-mails stating that your wallet is locked, and to unlock it you need to verify your identity, enter your seed for verification, and similar schemes. Regardless of how ridiculous this seems to us, it still works and people fall for it. If they didn't scammers wouldn't bother to waste time on doing it.

shield132

hero member

Activity: 2352

Merit: 905

Metawin.com - Truly the best casino ever

Quote from: mk4 on June 07, 2024, 11:52:08 PM

For better opsec, always assume that whatever service you're using will be breached someday.

Especially with crypto-related services, I always use a separate email for these as I know it will be a total nightmare if one of the emails I've used on crypto services gets leaked. I won't be surprised if the old email I've used on Ledger is still heavily being spammed right now.

That's a good approach. I also suggest everyone to always use a different password on their email and any other account that they'll register via this email. If you use the same password and your account gets hacked, then hackers will try to use that password to log in to your email and if someone gets access to your email, you'll be in trouble.
Btw if you save your password in Google Chrome, Chrome will tell you if your password has already leaked. I don't think it's a good idea to save passwords in Google or even to use the Chrome browser.

Quote from: Z-tight on June 09, 2024, 05:45:20 PM

They are not even affected yet, until they fall for the phishing mail that the attacker is going to send. Those whom their data has been exposed should expect anything, so they should be careful of links they click, as scammers would be trying out ways for them to give out their seed phrase.

The attacker would probably not attack now that there is awareness on this issue, they don't mind waiting for a very long time, when many persons have forgotten about the incident, then they start sending out phishing mails, looking for victims to steal from.

I think that you should always be careful with your email, even if it's fresh and no one has hacked because there are many people who scan email addresses and send many kind of phishing links. One of my emails is full of phishing links but I have never clicked on any of them, I always look at the URL before I click, I also always check the sender. Email spoofing is very easy and no joke.

Darker45

legendary

Activity: 2576

Merit: 1860

Quote from: Z-tight on June 09, 2024, 05:45:20 PM

The attacker would probably not attack now that there is awareness on this issue, they don't mind waiting for a very long time, when many persons have forgotten about the incident, then they start sending out phishing mails, looking for victims to steal from.

Apparently, there were already tens of thousands of phishing emails sent almost immediately after the hack was done. There was no waiting time for these hackers. They're probably making the most out of it, to be the first to attempt to make money out of the victims, to try to catch as many victims as possible unaware as many of them might not have heard of the news right away, before they will sell the same set of data to other cybercriminals for their own batch of phishing emails. There will be waves of phishing emails for sure.

PX-Z

hero member

Activity: 1554

Merit: 880

pxzone.online

Quote from: Z-tight on June 09, 2024, 05:45:20 PM

The attacker would probably not attack now that there is awareness on this issue, they don't mind waiting for a very long time, when many persons have forgotten about the incident, then they start sending out phishing mails, looking for victims to steal from.

I don't think so, soon as this email list is spread or on-sale in dark market users who have email contacts on coingecko will probably receive spam email. Well, as long those emails are only for crypto stuff, it's easier to identify them by the email subject, don't mind reading them just eventually delete and report it as phishing and spam using gmail, i assume it can be done on other email provider too.

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: yhiaali3 on June 09, 2024, 03:14:47 PM

I do not think that hacking is dangerous to me because the data that is stolen is all secondary and worthless. This is why I always use a different email and name for each site. Those affected by hacking are those who use the same data in different locations.

They are not even affected yet, until they fall for the phishing mail that the attacker is going to send. Those whom their data has been exposed should expect anything, so they should be careful of links they click, as scammers would be trying out ways for them to give out their seed phrase.

The attacker would probably not attack now that there is awareness on this issue, they don't mind waiting for a very long time, when many persons have forgotten about the incident, then they start sending out phishing mails, looking for victims to steal from.

yhiaali3

legendary

Activity: 1848

Merit: 1982

Fully Regulated Crypto Casino

I use both Coingecko and Coinmarketcap, but with secondary accounts, meaning I use junk email. I use both accounts to get some rewards, candy, and airdrops through some simple tasks. I also sometimes create a special list of my favorite coins.

I do not think that hacking is dangerous to me because the data that is stolen is all secondary and worthless. This is why I always use a different email and name for each site. Those affected by hacking are those who use the same data in different locations.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: coin-investor on June 08, 2024, 09:37:03 AM

This got me thinking about changing the way I compile my portfolio, Coingecko portfolio format is so easy to use and I can access it anywhere even on my mobile or an internet cafe but with a breach like this it exposes your portfolio and your email you have something to worry about, I may have to use a spreadsheet again to monitor my portfolio.
Both Coingecko and Coimarketcap will always become a target because of the huge number of userbase they should upgrade their security to retain their loyal followers or they will look for a better and secured alternatives.

It should generally still be fine — just always make sure to have separate email addresses especially for crypto/finance related things. This can easily be done with premium email services with multiple email address alias features(you can also use custom domains). (Tuta/Protonmail/etc.)

logfiles

copper member

Activity: 2114

Merit: 1794

Top Crypto Casino

Quote from: hugeblack on June 08, 2024, 12:19:37 AM

I have reviewed their privacy policy^[1] and they have the right to keep your data, which may be used or sent to third parties. Therefore, CoinGecko does not present themselves as a service that cares about customer privacy, and the amount of data they can collect about you is small if you have knowledge of the basics of privacy.

Most of such services don't care about customer privacy anyway. That data is worth millions of dollars to them, so they will find every way possible to retain it or sent it to third parties.
With retention of data comes a lot of responsibility, so at some point in time, they always end up getting breached. Imagine these are just the breaches we know about, there are those that go unnoticed.

BITCOIN4X

legendary

Activity: 1974

Merit: 1150

I don't really remember if I've ever created an account on CG before, but if I had, I think I just used a disposable email.
In use, disposable email does not have to always be active on the device we use, meaning the email will only be active when the user logs in to their Google account. I recommend a disposable email (new email) on every new site you want to create an account on, this could include casinos or anything that requires you to have an account.

However, regarding this data breach case, I think every user deserves to be warned to be careful when there are phishing or other dangerous attempts. Of course, scammer will target users who own crypto. Thank you for telling me, Eternad.

salad daging

hero member

Activity: 1624

Merit: 791

Bitcoin To The Moon 📈📈📈

I just realized there was an email from Coingecko that suffered a data breach because this message went to the promotions -> Gmail section.

So far I have an account at Coingecko because only for some airdrop tasks completed there in the past, but what I read they only GetResponse CoinGecko only sent 23,723 phishing messages excluding me because I did not receive it.

So far I created an online portfolio on Coinmarketcap, this may have become a habit so always look there.

coin-investor

hero member

Activity: 2996

Merit: 598

Leading Crypto Sports Betting & Casino Platform

Quote from: _act_ on June 07, 2024, 08:15:25 AM

I use both Coingecko and Coinmarketcap but not with emails. You can use this sites without email if you do not want to have portfolio on the site. I will prefer to have offline portfolio instead of online ones. I believe people's portfolio would have also been seen by the hackers. Coinmarketcap have been hacked before I think, this should not be surprising and it will not be the last.

This got me thinking about changing the way I compile my portfolio, Coingecko portfolio format is so easy to use and I can access it anywhere even on my mobile or an internet cafe but with a breach like this it exposes your portfolio and your email you have something to worry about, I may have to use a spreadsheet again to monitor my portfolio.
Both Coingecko and Coimarketcap will always become a target because of the huge number of userbase they should upgrade their security to retain their loyal followers or they will look for a better and secured alternatives.

famososMuertos

legendary

Activity: 1890

Merit: 2995

LE ☮︎ Halving es la purga

Nowadays, it is up to you to protect yourself from these types of situations. You should never expect that the App's you provide registration information to will "forever" comply with the protection of personal information provided in a registration.
Submit and registration standards are obsolete in most App's.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

As someone who prefer CoinGecko rather than CMC, it's not good news even though i never bother create account in either website. I also find it's weird nobody have mentioned official CoinGecko response which can be seen https://www.coingecko.com/learn/getresponse-data-breach-june-2024. It seems they don't have plan switch to different email provider.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: PX-Z on June 07, 2024, 12:18:10 PM

I wonder why attackers chose to attack coingecko. There's nothing that can be get there aside from usernames (login info) and few user emails. Well, they might discovered some loop hole of the security, but i still wondering the benefits gets from hacking the site. Not to mention, i doesn't have an account there.

So that they can send phishing emails to the users, obviously. These are mostly people who hold crypto so they will be targeted by all sorts of malware and malicious links carried inside the email message.

passwordnow

hero member

Activity: 3108

Merit: 577

Leading Crypto Sports Betting & Casino Platform

I guess those that have details on them are ones who are representative of each project and as well as those individuals that have participated their candies airdrop or in particular like that. Fortunate for those that don't register on them and just casually visits them to check the price of everything. But that's unfortunate for those that have an account there. I hope that someone who's a security expert will dive down on those black/dark marketplaces where they're selling these data.

Because that's how likely what's going to happen that the hacker will sold the data from their website and have it sold on that area. I'm just not sure about the terms about their purchase but once it's been taken away, there's no way to do a stoppage of the spread of it and being passed down to other third parties. We really don't know if the platforms we're using are going to protect us with our data even if they say so. What we can do is to protect ourselves and if you've got a lot of time, use spare emails and if it is not necessary to input your important details, don't do it.

hugeblack

legendary

Activity: 2646

Merit: 3911

I have reviewed their privacy policy^[1] and they have the right to keep your data, which may be used or sent to third parties. Therefore, CoinGecko does not present themselves as a service that cares about customer privacy, and the amount of data they can collect about you is small if you have knowledge of the basics of privacy.

In general, it should be assumed that your data will be exploited, and therefore it is better to use email providers with better techniques to combat phishing links and provide an additional address (alias) that can be closed or frozen at any moment.

[1] https://www.coingecko.com/en/privacy

avp2306

sr. member

Activity: 1022

Merit: 363

Quote from: Eternad on June 07, 2024, 08:12:01 AM

Anyone has an account on coingecko is affected on this data breach which was released on their announcement email today. The data breach was happened last June 5 and all user details are compromised.

What Data was Compromised?

We have determined that your personal information was unfortunately compromised in this incident. This information may include:

Name (if provided during sign-up)
Email address
IP address and location of email opens
Other metadata such as account sign-up date, subscription plan

Expect the unexpected on your emails about potential scam mail since hacker might sell all the users email info to scammer and other shady services.

Another incident that remind people to secure their personal details since data breaching like this would really happen. And if they don't have any other deals or activities to be done on this site then better not to sign a account since we don't know if there would be more worse than this and our data will be use to hack the accounts we have on different platforms.

By the way if someone want to read about this news you can check this one https://cryptobriefing.com/coingecko-data-breach-update

I think nothing serious happen but still they need to be careful since those hackers might attack people and send them those unwanted emails. Also glad I didn't have an account here so there's nothing to worried regarding on this incident. Lastly always use dummy gmail for signing up on any platform.

pinggoki

sr. member

Activity: 1498

Merit: 416

Quote from: PX-Z on June 07, 2024, 12:18:10 PM

I wonder why attackers chose to attack coingecko. There's nothing that can be get there aside from usernames (login info) and few user emails. Well, they might discovered some loop hole of the security, but i still wondering the benefits gets from hacking the site. Not to mention, i doesn't have an account there.

They need the identities, much more valuable than money sometimes because when they come for money, that's it usually, they end up losing it eventually but with stolen identities, they can just easily ask for a bank loan without the worry of having to pay it back because that's not them and then at the same time, they're not the one that would get asked by the bank for repayments but the real person behind the stolen identity. To fully understand the reasoning behind this, I want you to ask yourself this question, are you the kind of person that when given the offer to be someone else and no one would know that it's not who you really are, would you take that offer? Pretty sure that you would and then you'd understand why a lot of people do want information and steal them.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

For better opsec, always assume that whatever service you're using will be breached someday.

Especially with crypto-related services, I always use a separate email for these as I know it will be a total nightmare if one of the emails I've used on crypto services gets leaked. I won't be surprised if the old email I've used on Ledger is still heavily being spammed right now.

Topic: Coingecko suffer data breach (Read 306 times)