Betterment confirms data breach, tells customers to beware crypto scam notifications

News
By published

A Betterment employee was tricked into sharing login credentials

Security alert showing on a computer monitor
(Image credit: pixabay | Elchinator)
  • Betterment employee credentials stolen, enabling phishing emails via third-party platform
  • Attackers accessed personal data: names, emails, addresses, phones, birth dates
  • No accounts breached, but stolen data may fuel future phishing scams

Investment platform Betterment has revealed it was breached recently, with its infrastructure used to send out phishing emails to customers.

In a data breach notification, published on the company’s website, Betterment said an unidentified threat actor tricked one of its employees into sharing login credentials for a third-party software platform it uses.

“This means the individual used identity impersonation and deception to gain access, rather than compromising our technical infrastructure,” the notification reads.

Personal data stolen

Without naming the platform that was abused, Betterment said that the attackers used their access to send “fraudulent, crypto-related messages that appeared to come from Betterment.” A “subset” of customers was targeted, and Betterment reached out to warn about the obvious phishing attack.

The company did not say how many people were targeted in this attack, but did stress that it takes cyberattacks “very seriously”, that it revoked the unauthorized access, and launched a “comprehensive investigation”.

Betterment further explained no customer accounts were compromised in this attack, and that users are protected “by multiple layers of security”.

Still, the attackers managed to walk away with sensitive personal data - names, email addresses, postal addresses, phone numbers, and dates of birth.

“We encourage all customers to remain vigilant and to be cautious of unexpected communications,” Betterment concluded. “Please remember that Betterment will never call, text, or email you with a request to share your password or other sensitive personal information.”

So far, no hacking group has claimed responsibility for this attack, and there is no evidence of the data being abused in the wild.

Still, information like this is often used to launch convincing phishing attacks, through which crooks might be able to compromise Betterment accounts. Since the platform is used, among other things, for automated investing, cybercriminals could end up stealing a lot of money from unaware users.

Via TechCrunch

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.