- Betterment employee credentials stolen, enabling phishing emails via third-party platform
- Attackers accessed personal data: names, emails, addresses, phones, birth dates
- No accounts breached, but stolen data may fuel future phishing scams
Investment platform Betterment has revealed it was breached recently, with its infrastructure used to send out phishing emails to customers.
In a data breach notification, published on the company’s website, Betterment said an unidentified threat actor tricked one of its employees into sharing login credentials for a third-party software platform it uses.
“This means the individual used identity impersonation and deception to gain access, rather than compromising our technical infrastructure,” the notification reads.
Personal data stolen
Without naming the platform that was abused, Betterment said that the attackers used their access to send “fraudulent, crypto-related messages that appeared to come from Betterment.” A “subset” of customers was targeted, and Betterment reached out to warn about the obvious phishing attack.
The company did not say how many people were targeted in this attack, but did stress that it takes cyberattacks “very seriously”, that it revoked the unauthorized access, and launched a “comprehensive investigation”.
Betterment further explained no customer accounts were compromised in this attack, and that users are protected “by multiple layers of security”.
Still, the attackers managed to walk away with sensitive personal data – names, email addresses, postal addresses, phone numbers, and dates of birth.
“We encourage all customers to remain vigilant and to be cautious of unexpected communications,” Betterment concluded. “Please remember that Betterment will never call, text, or email you with a request to share your password or other sensitive personal information.”
So far, no hacking group has claimed responsibility for this attack, and there is no evidence of the data being abused in the wild.
Still, information like this is often used to launch convincing phishing attacks, through which crooks might be able to compromise Betterment accounts. Since the platform is used, among other things, for automated investing, cybercriminals could end up stealing a lot of money from unaware users.
Via TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/j6R5KDGDpr66raLwf9Bpd3-1920-80.jpg
Source link
