We would like to share an update with our community on the incident that took place earlier this month.
A breach on email service provider SendGrid’s database caused CoinTracker user emails to be exposed. Upon careful analysis, we have concluded that there was no breach of CoinTracker’s database.
We understand that the breach on SendGrid’s system happened when an employee of Twilio (SendGrid’s parent company) exposed their corporate credentials.
The extent of the leak appears to be email addresses only. No financial data or phone numbers were exposed. While the dataset found online included alleged phone numbers, CoinTracker does not collect phone numbers. To verify even further, we checked the exposed phone numbers against real phone numbers volunteered by a sample of users. None of the real numbers matched the alleged numbers in the leaked data.
As soon as we became aware of the incident, we emailed impacted users and communicated on Twitter. Please see the post for additional security best practices.
We are disappointed that this happened. We take care to protect our users’ data and work hard to ensure that our partners also have best security practices.
We recommend that users remain vigilant against potential attacks and take necessary precautions. If you have any questions or need help, please do not hesitate to reach out to us at [email protected]. We’ll be sure to take care of your request.