- Betterment employee credentials were stolen, allowing phishing emails to be sent through a third-party platform.
- The attackers accessed personal data: names, emails, addresses, telephone numbers, dates of birth
- No accounts were hacked, but stolen data could fuel future phishing scams
Investing platform Betterment revealed that it was recently hacked and its infrastructure was used to send phishing emails to customers.
In a data breach notification, posted on the company’s website, Betterment said an unidentified malicious actor tricked one of its employees into sharing login credentials for a third-party software platform it uses.
“This means the individual used impersonation and deception to gain access, rather than compromise, our technical infrastructure,” the notification said.
Stolen personal data
Without naming the platform that was abused, Betterment said the attackers used their access to send “fraudulent crypto-related messages that appeared to come from Betterment.” A “subset” of customers were targeted and Betterment contacted to warn of the obvious phishing attack.
The company did not specify how many people were targeted in this attack, but stressed that it takes cyberattacks “very seriously”, has revoked the unauthorized access and launched a “thorough investigation”.
Betterment further explained that no customer accounts were compromised in this attack and that users were protected “by multiple layers of security.”
The attackers nevertheless managed to leave with sensitive personal data: names, email addresses, postal addresses, telephone numbers and dates of birth.
“We encourage all customers to remain vigilant and be wary of unexpected communications,” Betterment concluded. “Remember, Betterment will never call, text, or email you to ask you to share your password or other sensitive personal information.”
So far, no hacker group has claimed responsibility for this attack, and there is no evidence of data abuse in the wild.
Yet such information is often used to launch convincing phishing attacks, through which scammers could compromise Betterment accounts. Since the platform is used, among other things, for automated investments, cybercriminals could end up stealing a lot of money from unaware users.
Via TechCrunch
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
