Betterment confirms data breach, tells customers to beware crypto scam notifications

• Betterment employee credentials stolen, enabling phishing emails via third-party platform
• Attackers accessed personal data: names, emails, addresses, phones, birth dates
• No accounts breached, but stolen data may fuel future phishing scams

Investment platform Betterment has revealed it was breached recently, with its infrastructure used to send out phishing emails to customers.

In a data breach notification, published on the company’s website, Betterment said an unidentified threat actor tricked one of its employees into sharing login credentials for a third-party software platform it uses.

“This means the individual used identity impersonation and deception to gain access, rather than compromising our technical infrastructure,” the notification reads.