Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident.
Founded in 2014 and headquartered in Toronto, the financial services firm holds over CAD$84.5 billion in assets (roughly $61 billion). It offers a range of financial products focusing on investments, trading, cryptocurrency, tax filing, spending, and savings to over 3 million Canadians.
Wealthsimple’s Android app has over 1 million downloads on the Google Play Store, while its iOS app has collected over 126,000 ratings from Apple users.
As shared in an official statement and breach notifications emailed to customers (seen by BleepingComputer), the company detected the breach on August 30th.
Wealthsimple said that the attackers didn’t steal any funds and didn’t compromise passwords, ensuring that all customer accounts remain secure.
“We learned that a specific software package that was written by a trusted third party had been compromised. This resulted in personal data belonging to less than 1% of our clients being accessed without authorization for a brief period,” Wealthsimple said.
“Data that was accessed was personal information like contact details, government IDs provided during the Wealthsimple sign-up process, financial details, such as account numbers, IP address, Social Insurance Number, or date of birth.”
Since detecting the incident, the financial services company has notified impacted customers via email, and it’s now providing them with two years of complimentary credit monitoring, as well as dark-web monitoring, identity theft protection, and insurance.
Affected customers are advised to secure their accounts using two-factor authentication (2FA) with an authenticator app, never reuse passwords, and remain vigilant against potential phishing attempts impersonating Wealthsimple.
Breach likely part of Salesloft supply-chain attack
While the company didn’t provide any information on how the attackers gained access to the customers’ personal information, the details shared in the statement and data breach notifications suggest that the company may have been one of the victims in a recent wave of Salesforce data breaches linked to the ShinyHunters extortion group.
We have reached out to Wealthsimple with questions about the incident and to confirm how the attackers stole its customers’ data, but a response was not immediately available. However, BleepingComputer has found a Salesloft instance on a Wealthsimple subdomain that appears to be currently inactive. Earlier today, ShinyHunters confirmed to BleepingComputer that the Wealthsimple breach was also part of the Salesloft supply-chain attack.
Since the start of the year, ShinyHunters has targeted Salesforce customers in data theft attacks using voice phishing, which led to data breaches impacting high-profile companies like Google, Cisco, Allianz Life, Qantas, Adidas, Farmers Insurance, Workday, and LVMH subsidiaries, including Dior, Louis Vuitton, and Tiffany & Co.
More recently, the cybercrime gang shifted to using stolen OAuth tokens for Salesloft’s Drift AI chat integration with Salesforce to compromise Salesforce instances and steal sensitive information, such as passwords, Snowflake tokens, and AWS access keys, from support tickets and support messages from its victims’ customers.
Using this tactic, ShinyHunters has also gained access to a small number of Google Workspace accounts and breached the Salesforce instances of multiple cybersecurity companies, including Cloudflare, Palo Alto Networks, Zscaler, Tenable, Proofpoint, CyberArk, BeyondTrust, JFrog, Cato Networks, and Rubrik.




