Cryptocurrency data aggregator CoinGecko experienced a data breach through its third-party email marketing platform GetResponse on June 5.

The attacker exported nearly 2 million contacts from CoinGecko's GetResponse account after compromising a GetResponse employee's account, CoinGecko explained in a statement. The bad actor then sent 23,723 phishing emails from another GetResponse client's account. No malicious emails were sent from CoinGecko's domain.

While CoinGecko user accounts and passwords remained secure, the incident resulted in leaked data including users' names, emails, IP addresses and locations of email opens.

"We are actively investigating this situation with GetResponse and informing all affected users," CoinGecko said in the statement. "Additionally, we are thoroughly …