HomeNewsBreachesAbout
Account
gemini-2022

Gemini (2022) Breach

Dec 13, 2022

5,272,800 rows

Added on Aug 29, 2025

Search the Leak

Email
Phone Number

What happened in the Gemini (2022) Breach?

DataBreach.com Team · August 28th 2025, 8:00 pm EDT

In December 2022, cryptocurrency exchange Gemini confirmed that the personal information of approximately 5.3 million customers had been exposed after a dataset surfaced on cybercrime forums. At first, the leak was widely interpreted as a direct breach of Gemini’s systems. However, investigations quickly revealed that the source was a third-party compromise at Twilio’s Authy service, the two-factor authentication provider used by Gemini.  
   
The exposed information included email addresses and partial phone numbers tied to customer accounts. While no passwords or financial data were included in the leak, the data was still significant enough to fuel highly targeted phishing and smishing campaigns against Gemini’s user base.   
Hackers had obtained the information following a sophisticated social-engineering attack against Twilio employees, which gave intruders access to Authy’s systems. From there, threat actors were able to pull phone numbers linked to millions of Authy accounts. This supply-chain weakness made Gemini and other Authy-integrated services indirect victims of the breach.  
   
Shortly after the leak appeared online, Gemini customers began reporting waves of phishing attempts. Attackers impersonated Gemini support via email, SMS, WhatsApp, and Telegram, attempting to lure victims into providing login credentials or transferring cryptocurrency. The partial phone data also raised concerns about SIM-swap fraud, a common attack vector in the crypto industry.  
   
Despite the size of the incident, Gemini downplayed the severity at the time, noting that “no account information or systems were breached.” Twilio, for its part, confirmed that Authy’s data had been accessed improperly and began requiring all users to re-verify devices.  
   
No class action lawsuits have yet been filed specifically over the Gemini/Authy exposure, though consumer advocates have criticized both Gemini and Twilio for failing to provide timely, transparent disclosures. Given the number of accounts involved and the direct reports of phishing harm, legal action remains a possibility.  
   
The breach underscored the risks of third-party dependencies in authentication systems: even when a platform like Gemini avoids a direct compromise, its customers can still be put at risk when a trusted vendor is infiltrated. For cryptocurrency users, where account takeovers can mean irreversible financial loss, the impact of such breaches is especially acute.

For media inquiries, contact us at contact@databreach.com