- Improvement employee credentials stolen, enabling phishing emails via third-party platform
- Attackers gained access to personal data: names, e-mails, addresses, telephones, dates of birth
- No accounts breached, but stolen data could give rise to future phishing scams
Investment platform Betterment has revealed that it was breached recently, with its infrastructure used to send out phishing emails to clients.
In a data breach notice posted on the company’s website, Betterment said an unidentified threat actor tricked one of its employees into sharing login information for a third-party software platform it uses.
“This means the individual used impersonation and deception to gain access, rather than compromising our technical infrastructure,” the announcement reads.
Personal data stolen
Without naming the platform that was abused, Betterment said the attackers used their access to send “fraudulent, crypto-related messages that appeared to come from Betterment.” A “subset” of customers was targeted, and Betterment reached out to warn about the apparent phishing attack.
The company did not say how many people were targeted in this attack, but stressed that it takes cyber attacks “very seriously”, that it revoked the unauthorized access and launched a “comprehensive investigation”.
Betterment further explained that no customer accounts were compromised in this attack and that users are protected “by multiple layers of security.”
Still, the attackers managed to walk away with sensitive personal data – names, email addresses, postal addresses, phone numbers and dates of birth.
“We encourage all customers to remain vigilant and be wary of unexpected communications,” Betterment concluded. “Please remember that Betterment will never call, text or email you with a request to share your password or other sensitive personal information.”
So far, no hacker group has claimed responsibility for this attack, and there is no evidence that the data has been misused in the wild.
Yet information like this is often used to launch convincing phishing attacks through which crooks may be able to compromise Betterment accounts. As the platform is used, among other things, for automated investment, cybercriminals can end up stealing a lot of money from unwitting users.
Via TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
