Blog Details

Hackers stole email addresses and totally different internal most files from 1.4 million accounts after breaching the programs of automated investment platform Betterment in January.

Betterment affords a mixture of automated investment tools and monetary advisory services and products and is realistic a pioneer within the U.S. “robo-advisory” sector. In total, the fintech company manages $65 billion in sources for greater than one million prospects.

While Betterment has no longer disclosed the total different of affected folks, knowledge breach notification carrier Comprise I Been Pwned analyzed the stolen knowledge and said the breach exposed 1,435,174 accounts, in conjunction with email addresses, names, and geographic plight knowledge.

The compromised files furthermore includes dates of starting up, bodily addresses, phone numbers, instrument files, employers’ geographic locations, and job titles.

Betterment disclosed on January 10 that the risk actors furthermore despatched unsuitable emails disguised as an organization promotion after having derive admission to to some of its programs in a social engineering attack, attempting to entice focused prospects into a reward scam that claimed to triple the amount of cryptocurrency despatched to attacker-managed Bitcoin and Ethereum wallets.

“This is not a real offer and should be disregarded. If you clicked on the offer notification, it did not compromise the security of your Betterment account,” Betterment warned. “The unauthorized access has been removed, and at this time we have no indication that the unauthorized individual had any access to Betterment customer accounts.”

After BleepingComputer reported on January 13 that Betterment change into below a dispensed denial-of-carrier (DDoS) attack and change into being extorted, the company confirmed that intermittent net bid material and cellular app outages had been because of a DDoS attack, however has yet to fragment any files on the extortion attempt.

Earlier this week, Betterment issued yet any other statement announcing that a convention-up forensic investigation, conducted in collaboration with the cybersecurity company CrowdStrike, found that no customer accounts had been compromised within the breach.

“Our forensic investigation, supported by the cybersecurity firm, CrowdStrike, has confirmed that no customer accounts, passwords, or login information were compromised as part of the January 9 incident,” the company said.

“Our analysis continues to indicate that the primary privacy impact involved certain customer contact information, including names and emails. In a subset of cases, contact information was coupled with other customer information, such as physical addresses, phone numbers, or birthdates.”

A Betterment spokesperson has yet to retort after BleepingComputer reached out with questions after the incident.