Betterment suffered a January breach that exposed personal data from 1,435,174 accounts, including email addresses, names, and other contact and identifying details. Attackers also sent fraudulent promotional emails to solicit cryptocurrency, and a CrowdStrike-supported forensic investigation reported no evidence that customer account credentials were accessed. #Betterment #CrowdStrike
Keypoints
- Hackers breached Betterment in January, exposing 1,435,174 accounts.
- Stolen data included emails, names, geographic locations, birthdates, addresses, phone numbers, and device information.
- Attackers sent fake promotional emails attempting to trick customers into sending cryptocurrency to attacker-controlled wallets.
- Betterment experienced intermittent outages due to a DDoS attack and reported an associated extortion attempt.
- A CrowdStrike-supported forensic investigation found no evidence that customer accounts, passwords, or login information were compromised.