"Betterment, which offers automated investment and financial planning services, first disclosed the breach in January after detecting unauthorized access to certain internal systems on January 9. Betterment said the hacker gained entry through a social engineering scheme that relied on impersonation to infiltrate third-party marketing and operations tools, then used that access to send customers a fraudulent cryptocurrency promotion disguised as an official company message."
"In its most recent customer update, published on February 3, Betterment said the intrusion did not expose customer accounts, passwords, or login credentials, and the fallout involved customer contact details, including names and email addresses. For a subset of users, the accessed data also included additional information such as physical mailing addresses, phone numbers, or dates of birth. It is working with an independent data analytics provider to review material allegedly posted online by a group claiming responsibility for the breach."
Have I Been Pwned added the Betterment incident to its database and says the dataset contains about 1.4 million unique email addresses plus partial personal information. Betterment detected unauthorized access on January 9 after a social-engineering scheme impersonated third-party marketing and operations tools. The attacker used that access to send customers a fraudulent cryptocurrency promotion disguised as an official message. Betterment said the intrusion did not expose customer accounts, passwords, or login credentials. Exposed data included names and email addresses, and, for some users, mailing addresses, phone numbers, or dates of birth. The company is working with an independent data analytics provider to review material allegedly posted online. The ShinyHunters group claimed voice-phishing Okta single sign-on codes and asserted a 20 million-record leak, though the group's leak site was offline.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]