金融科技公司Betterment證實數據洩露，駭客向用戶發送虛假加密貨幣詐騙通知

Topics

Latest

AI

Amazon

Apps

Biotech & Health

Climate

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

Transportation

Venture

More from TechCrunch

Staff

Events

Startup Battlefield

StrictlyVC

Newsletters

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users

Automated investment platform Betterment has confirmed that hackers broke into some of its systems last week and accessed the personal information of an undisclosed number of its customers.

In an email sent on Monday, which TechCrunch has seen, Betterment said that hackers gained access to some company systems on January 9 by way of a social engineering attack, which involved “third-party platforms” that the company uses for marketing and operations.

The company said customer names, email addresses and postal addresses, phone numbers, and dates of birth were compromised in the attack.

With this access, hackers were able to send a fraudulent notification to users, claiming to triple the value of their crypto by sending $10,000 to a wallet controlled by the attacker, as reported by The Verge.

Betterment, which allows customers to invest in crypto, also published an announcement about the breach on its website, but did not disclose how many customers were targeted, nor how many had their personal information accessed, stolen, or seen by the hackers.

Betterment added that it detected the attack on the same day and “immediately revoked the unauthorized access and launched a comprehensive investigation, which is ongoing,” with the help of an unspecified cybersecurity firm. Betterment also said it has reached out to the customers targeted by the hackers and “advised them to disregard the message.”

“Our ongoing investigation has continued to demonstrate that no customer accounts were accessed and that no passwords or other log-in credentials were compromised,” Betterment wrote in the email.

Representatives for Betterment did not immediately respond to a request for comment asking for more details about the attack.

As of the time of publication, Betterment’s security incident web page contains a hidden “noindex” tag in its source code, which tells search engines to ignore the page, making it more difficult for anyone searching the web to discover information about the data breach.

Topics

Senior Reporter, Cybersecurity

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing [email protected], via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

Plan ahead for the 2026 StrictlyVC events. Hear straight-from-the-source candid insights in on-stage fireside sessions and meet the builders and backers shaping the industry. Join the waitlist to get first access to the lowest-priced tickets and important updates.