Gemini Data Breach
Status: Confirmed
Breach Intelligence Summary
Entity: Gemini · Actor: Play · Source: DataBreach.com / ObscureIQ intelligence
Attack: Phishing via Compromised credentials
Timeline: Breach (Dec, 2022) · Reported (Dec, 2022) · Leak (8/29/25)
Exposure: 5.3M+ records · Email, Partial phone numbers, Phone Number
Status: Confirmed · Risk: Low (Phishing / SIM swap)
Summary
In December 2022 cryptocurrency exchange Gemini confirmed that the personal information of approximately 5.3 million customers had been exposed after a dataset surfaced on cybercrime forums. At first the leak was widely interpreted as a direct breach of Gemini’s systems. However investigations quickly revealed that the source was a third-party compromise at Twilio’s Authy service the two-factor authentication provider used by Gemini. The exposed information included email addresses and partial phone numbers tied to customer accounts. While no passwords or financial data were included in the leak the data was still significant enough to fuel highly targeted phishing and smishing campaigns against Gemini’s user base. Hackers had obtained the information following a sophisticated social-engineering attack against Twilio employees which gave intruders access to Authy’s systems. From there threat actors were able to pull phone numbers linked to millions of Authy accounts. This supply-chain weakness made Gemini and other Authy-integrated services indirect victims of the breach. Shortly after the leak appeared online Gemini customers began reporting waves of phishing attempts. Attackers impersonated Gemini support via email SMS WhatsApp and Telegram attempting to lure victims into providing login credentials or transferring cryptocurrency. The partial phone data also raised concerns about SIM-swap fraud a common attack vector in the crypto industry. Despite the size of the incident Gemini downplayed the severity at the time noting that “no account information or systems were breached.” Twilio for its part confirmed that Authy’s data had been accessed improperly and began requiring all users to re-verify devices. No class action lawsuits have yet been filed specifically over the Gemini/Authy exposure though consumer advocates have criticized both Gemini and Twilio for failing to provide timely transparent disclosures. Given the number of accounts involved and the direct reports of phishing harm legal action remains a possibility. The breach underscored the risks of third-party dependencies in authentication systems: even when a platform like Gemini avoids a direct compromise its customers can still be put at risk when a trusted vendor is infiltrated. For cryptocurrency users where account takeovers can mean irreversible financial loss the impact of such breaches is especially acute.
About Gemini
Gemini is the organization affected by this breach. User data may have been generated through account creation, service usage, or business operations.
If you have interacted with Gemini in any capacity, your data may be included in this breach.
Threat Actor: Play
This breach has been attributed to Play. The group is known for data theft campaigns targeting organizations through various intrusion methods.
- Compromised credentials
Breach Exploitation Status
Low
Status
Unknown
Possible
Unknown
Unknown
Unknown
1–3 years
Email addresses and usernames persist but credentials may rotate. Phishing risk remains elevated during this window.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 5.3M+ records has been identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Impact
This breach carries low risk due to the nature of exposed data fields and the scale of affected records.
- Targeted phishing referencing Gemini accounts or services
- SIM-swap attempts where phone numbers are present
- Data broker enrichment and resale
Recommendations for Impacted Individuals
If you believe your information may be included:
Non-clients may request a breach impact review.
Gemini account updates
Password reset requests
Verify directly through official channels.
Email compromise is often the first pivot point.
Frequently Asked Questions
In Dec, 2022, Gemini experienced a data breach that resulted in the exposure of approximately 5.3M+ records containing personal information.
The exposed data includes Email, Partial phone numbers, Phone Number.
Approximately 5.3M+ records were affected based on current breach intelligence.
Yes. This breach is treated as confirmed based on data observed in breach intelligence platforms.
Data circulation has been reported across breach-sharing channels. Downstream exploitation risk exists based on the nature of the exposed fields.
Rotate passwords associated with Gemini, enable multi-factor authentication on email and financial accounts, and monitor for suspicious activity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-net-worth individuals face elevated risk. Our team provides full-spectrum exposure audits and threat monitoring.
Corporate Accountability
Organizations that collect personal data have a duty to implement reasonable safeguards and to notify affected individuals when breaches occur.
Scope assessments may evolve as investigations continue. Users should not rely solely on early estimates when making risk decisions.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Gemini
- Or simply concerned about credential reuse
We can confirm whether your information is circulating and evaluate downstream threat vectors.