- Betterment employee credentials stolen, allowing phishing emails to be sent through a third-party platform
- The attackers accessed personal data: names, emails, addresses, telephone numbers, dates of birth.
- No accounts were compromised, but stolen data could fuel future phishing scams
Investment platform Betterment has revealed that it was recently breached and its infrastructure was used to send phishing emails to customers.
In a data breach notification, posted on the company’s website, Betterment said that an unidentified threat actor tricked one of its employees into sharing login credentials for a third-party software platform it uses.
“This means that the individual used phishing and deception to gain access, rather than compromising our technical infrastructure,” the notice reads.
Stolen personal data
Without naming the platform that was abused, Betterment said the attackers used their access to send “fraudulent cryptocurrency-related messages that appeared to come from Betterment.” A “subset” of customers were targeted and Betterment reached out to warn about the obvious phishing attack.
The company did not specify how many people were subject to this attack, but stressed that it takes cyberattacks “very seriously”, that it revoked unauthorized access and began a “thorough investigation.”
Betterment further explained that no customer accounts were compromised in this attack and that users are protected “by multiple layers of security.”
Even so, the attackers managed to take sensitive personal data: names, email addresses, postal addresses, telephone numbers and dates of birth.
“We encourage all customers to remain vigilant and be cautious of unexpected communications,” Betterment concluded. “Please remember that Betterment will never call, text, or email you asking you to share your password or other sensitive personal information.”
So far, no hacking group has claimed responsibility for this attack and there is no evidence that data has been abused in the wild.
Still, information like this is often used to launch convincing phishing attacks, through which criminals could compromise Betterment accounts. Since the platform is used, among other things, for automated investments, cybercriminals could end up stealing a large amount of money from unsuspecting users.
Through TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
