- Betterment’s employee credentials compromised, facilitating phishing attacks through an external platform
- Sensitive personal information accessed: names, email addresses, physical addresses, phone numbers, and birth dates
- No customer accounts were compromised; however, the stolen data poses a risk for future phishing schemes
Investment platform Betterment has reported a recent security breach involving its system being exploited to dispatch phishing emails targeting customers.
In their data breach notification released on the company’s website, Betterment indicated that an unidentified adversary deceived an employee into divulging login credentials for a third-party software platform they utilize.
As stated in the notification, the breach involved identity deception for access rather than a direct attack on their technical infrastructure.
Compromised Personal Data
While the specific platform exploited remains unnamed, Betterment noted that the unauthorized access was used to send deceptive, cryptocurrency-related messages that appeared to originate from the company. A “subset” of customers was targeted, prompting Betterment to alert them regarding the phishing attempt.
The company did not disclose the number of individuals affected, but emphasized its serious approach to cybersecurity, confirming the termination of unauthorized access and the initiation of a thorough investigation.
Betterment reassured that no customer accounts were breached, as they maintain various layers of security to protect their users.
Nevertheless, the attackers acquired sensitive personal information, including names, email addresses, physical addresses, phone numbers, and dates of birth.
In conclusion, Betterment recommends that customers maintain vigilance and exercise caution toward any unsolicited communications. They emphasized that the company will never make an unsolicited request for sensitive information such as passwords via phone, text, or email.
Currently, no cybercriminal organization has claimed responsibility for the breach, and there is no evidence suggesting that the stolen data is being utilized for malicious purposes at this time.
However, the compromised information can potentially lay the groundwork for future phishing attempts, allowing cybercriminals to exploit Betterment accounts. Given that the platform is frequently used for automated investing, this poses a risk of substantial financial losses for unsuspecting users.
Via TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
