Automated funding platform Betterment has confirmed that hackers broke into a few of its techniques final week and accessed the non-public data of an undisclosed variety of its prospects.
In an e-mail despatched on Monday, which TechCrunch has seen, Betterment mentioned that hackers gained entry to some firm techniques on January 9 by means of a social engineering assault, which concerned “third-party platforms” that the corporate makes use of for advertising and operations.
The corporate mentioned buyer names, e-mail and postal addresses, cellphone numbers, and dates of beginning have been compromised within the assault.
With this entry, hackers have been capable of ship a fraudulent notification to customers, claiming to triple the worth of their crypto by sending $10,000 to a pockets managed by the attacker, as reported by The Verge.
Betterment, which permits prospects to put money into crypto, additionally printed an announcement concerning the breach on its web site, however didn’t disclose what number of prospects have been focused, nor what number of had their private data accessed, stolen, or seen by the hackers.
Betterment added that it detected the assault on the identical day and “instantly revoked the unauthorized entry and launched a complete investigation, which is ongoing,” with the assistance of an unspecified cybersecurity agency. Betterment additionally mentioned it has reached out to the shoppers focused by the hackers and “suggested them to ignore the message.”
“Our ongoing investigation has continued to reveal that no buyer accounts have been accessed and that no passwords or different log-in credentials have been compromised,” Betterment wrote within the e-mail.
Techcrunch occasion
San Francisco
|
October 13-15, 2026
Representatives for Betterment didn’t instantly reply to a request for remark asking for extra particulars concerning the assault.
As of the time of publication, Betterment’s safety incident net web page incorporates a hidden “noindex” tag in its supply code, which tells engines like google to disregard the web page, making it tougher for anybody looking the net to find details about the information breach.
