Automated funding platform Betterment has confirmed that hackers broke into a few of its methods final week and accessed the non-public info of an undisclosed variety of its prospects.
In an electronic mail despatched on Monday, which information.killnetswitch has seen, Betterment mentioned that hackers gained entry to some firm methods on January 9 by the use of a social engineering assault, which concerned “third-party platforms” that the corporate makes use of for advertising and operations.
The corporate mentioned buyer names, electronic mail addresses and postal addresses, cellphone numbers, and dates of delivery had been compromised within the assault.
With this entry, hackers had been capable of ship a fraudulent notification to customers, claiming to triple the worth of their crypto by sending $10,000 to a pockets managed by the attacker, as reported by The Verge.
Betterment, which permits prospects to spend money on crypto, additionally revealed an announcement concerning the breach on its web site, however didn’t disclose what number of prospects had been focused, nor what number of had their private info accessed, stolen, or seen by the hackers.
Betterment added that it detected the assault on the identical day and “instantly revoked the unauthorized entry and launched a complete investigation, which is ongoing,” with the assistance of an unspecified cybersecurity agency. Betterment additionally mentioned it has reached out to the purchasers focused by the hackers and “suggested them to ignore the message.”
“Our ongoing investigation has continued to exhibit that no buyer accounts had been accessed and that no passwords or different log-in credentials had been compromised,” Betterment wrote within the electronic mail.
Techcrunch occasion
San Francisco
|
October 13-15, 2026
Representatives for Betterment didn’t instantly reply to a request for remark asking for extra particulars concerning the assault.
As of the time of publication, Betterment’s security incident net web page incorporates a hidden “noindex” tag in its supply code, which tells search engines like google to disregard the web page, making it tougher for anybody looking the net to find details about the data breach.
