From their notice:
CoinGecko, the world’s largest independent cryptocurrency data aggregator, experienced a data breach on June 5, 2024, through its third-party email platform, GetResponse.
How did the data breach happen?
On June 5, 2024, around 06:30 AM UTC, we detected unusual activity on our third-party email marketing platform, GetResponse. An attacker had compromised a GetResponse employee’s account, leading to a breach. We received confirmation from the GetResponse team on 6 June, 2024, at 11:58 AM UTC, that a data breach had occurred.
While no phishing emails were sent from CoinGecko’s domain, the attacker exported 1,916,596 contacts from CoinGecko’s GetResponse account and sent phishing emails to 23,723 emails from another GetResponse client’s account (alj.associates). This activity was flagged by one of our employees, and we worked with GetResponse to promptly block further email delivery.
What data was compromised?
Personal information that was unfortunately compromised in this incident included users’ name (if provided during sign-up), email address, IP address and location of email opens as well as other metadata, such as account sign-up date and subscription plan.
CoinGecko user accounts remain secure, and no passwords were compromised.
How do I know if I was affected?
We have directly notified users affected by the data breach, through email.
Read more at CoinGecko.