The attacker exported nearly 2 million contacts from CoinGecko's GetResponse account before sending 23,723 phishing emails from another GetResponse client's account.