Betterment Data Breach Exposed in Fake Crypto Scam Alert

A recent security incident at the automated investment service Betterment has exposed customer data, which attackers then used to send fraudulent cryptocurrency scam alerts. The company confirmed that hackers infiltrated certain internal systems last week through a social engineering attack targeting third-party platforms used for marketing and operations. This breach compromised sensitive personal details, including customer names, email and postal addresses, phone numbers, and dates of birth.

Armed with this information, the attackers sent a deceptive message to users, falsely promising to triple the value of their cryptocurrency holdings if they transferred $10,000 to a specified wallet. Betterment, which offers crypto investment options, detected the intrusion on the same day it occurred, January 9. The company states it immediately revoked the unauthorized access and initiated a thorough investigation with the assistance of a cybersecurity firm.

In communications to affected customers, Betterment advised them to ignore the fraudulent message. The firm emphasized that no customer accounts were accessed and that passwords or other login credentials remained secure. However, the company has not disclosed the total number of customers impacted by the data exposure or the subsequent scam attempt.

Notably, the webpage where Betterment published its official announcement about the breach contains a “noindex” tag in its source code. This technical directive instructs search engines not to catalog the page, potentially making it harder for the public to find details about the incident through general web searches. Representatives for Betterment did not provide additional commentary or specifics when contacted for further information. The investigation into the full scope and consequences of the attack is reportedly still ongoing.

(Source: TechCrunch)