Betterment breach may expose 1.4M users after social engineering attack

Breach-tracking site Have I Been Pwned (HIBP) claims a cyberattack on Betterment affected roughly 1.4 million users – although the investment company has yet to publicly confirm how many customers were affected by January's intrusion.

The figure surfaced today after HIBP added the incident to its database. HIBP says the dataset tied to the attack contains approximately 1.4 million unique email addresses, along with partial personal information that aligns with details previously acknowledged by the fintech firm.

Betterment, which offers automated investment and financial planning services, first disclosed the breach in January after detecting unauthorized access to certain internal systems on January 9. Betterment said the hacker gained entry through a social engineering scheme that relied on impersonation to infiltrate third-party marketing and operations tools, then used that access to send customers a fraudulent cryptocurrency promotion disguised as an official company message.

In its most recent customer update ...