Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users

Automated concern level Betterment has confirmed that hackers broke into immoderate of its systems past week and accessed the idiosyncratic accusation of an undisclosed fig of its customers. 

In an email sent connected Monday, which TechCrunch has seen, Betterment said that hackers gained entree to immoderate institution systems connected January 9 by mode of a societal engineering attack, which progressive “third-party platforms” that the institution uses for selling and operations. 

The institution said lawsuit names, email addresses and postal addresses, telephone numbers, and dates of commencement were compromised successful the attack.

With this access, hackers were capable to nonstop a fraudulent notification to users, claiming to triple the worth of their crypto by sending $10,000 to a wallet controlled by the attacker, arsenic reported by The Verge. 

Betterment, which allows customers to put successful crypto, besides published an announcement astir the breach connected its website, but did not disclose however galore customers were targeted, nor however galore had their idiosyncratic accusation accessed, stolen, oregon seen by the hackers. 

Betterment added that it detected the onslaught connected the aforesaid time and “immediately revoked the unauthorized entree and launched a broad investigation, which is ongoing,” with the assistance of an unspecified cybersecurity firm. Betterment besides said it has reached retired to the customers targeted by the hackers and “advised them to disregard the message.”

“Our ongoing probe has continued to show that nary lawsuit accounts were accessed and that nary passwords oregon different log-in credentials were compromised,” Betterment wrote successful the email.

Representatives for Betterment did not instantly respond to a petition for remark asking for much details astir the attack. 

As of the clip of publication, Betterment’s information incidental web leafage contains a hidden “noindex” tag successful its root code, which tells hunt engines to disregard the page, making it much hard for anyone searching the web to observe accusation astir the information breach.