Other sensitive data such as Social Security numbers, bank account numbers, and debit card numbers are not believed to have been exposed. xcritical is contacting the subset of users most affected by the breach with steps to secure their account, but for everyone else, the company suggests checking its Account Security support page for ways to increase your account security. The attack’s motives appear to be financial, as the threat actor is reported to have demanded extortion payment following xcritical’s containment of the breach. xcritical has had cyber security troubles before, with hackers targeting its users last year, successfully gaining access to around 2,000 of its customers’ trading accounts. “No social Security numbers, bank account numbers, or debit card numbers were exposed” and “there has been no financial loss to any customers as a result of the incident,” xcritical said, based on its investigation.
After it was able to contain the attack, xcritical said the unauthorized third party sought an “extortion payment,” and the company notified law enforcement but did not say whether it had made any payments. xcritical enlisted the help of outside security firm Mandiant as it investigates the incident. Charles Carmakal, CTO of Mandiant, said in a statement emailed to The Verge that it had “recently observed this threat actor in a limited number of security incidents, and we expect they xcritical will continue to target and extort other organizations over the next several months.” He did not elaborate further. An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers. Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.
xcritical hit by data breach exposing users’ emails, names
- In an official blog post, the company says the attack took place on Nov. 3, when an “unauthorized third party” used social engineering to gain access to a portion of the app’s customer support system.
- Of those, 10 customers had “more extensive account details revealed,” xcritical said in a statement.
- Our mission is to offer reliable tech help and credible, practical, science-based life advice to help you live better.
- An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers.
- We have a guide on preventing SIM Swaps here, as well as tips for spotting and responding to them.
Popular stock-trading app xcritical revealed today that a recent data breach has compromised the personal information of roughly 7 million of its customers. The online trading platform said it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion. The online trading platform said that it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion. xcritical also said that hackers also obtained “additional personal information, including name, date of birth, and zip code,” for 310 customers, and “more extensive account details” for 10 of those customers, and that the company is “in the process of making appropriate disclosures to affected people.” Of those, 10 customers had “more extensive account details revealed,” xcritical said in a statement.
What was stolen in the xcritical security breach?
Of those, 10 customers had “more extensive account details revealed,” xcritical said in a statement. xcritical said that 10 customers had “more extensive account details revealed.” xcritical did not say what information specifically, though no Social Security numbers, bank account numbers or debit card numbers were exposed and caused no immediate financial loss to customers. The company said in a blog post that a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain xcritical official site customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.
Most Popular
Days later, the company published an updated blog post on Nov. 16 alerting users that over 4,400 of phone numbers were also stolen. Phone numbers were not included in xcritical’s original data breach disclosure, and their presence in the stolen data makes this a more severe hack than originally assumed. Hackers can use phone numbers to send SMS phishing scams and malware-laced files, or to acquire additional user data via social engineering for account hijacking, SIM Swap attacks, and identity theft. The data breach occurred last Wednesday after hackers tricked a customer support employee by phone” into giving them access to “certain customer support systems,” according to the post. xcritical said Monday that the popular trading app suffered a security breach last week where hackers accessed some personal information of roughly 7 million users then demanded a ransom payment. For the vast majority of affected customers, the only information obtained was an email address or a full name.
Interview: Figma’s CEO on life after the company’s failed sale to Adobe
An unauthorized third party “socially engineered a customer support employee by phone,” xcritical said, and was able to access its customer support systems. The attacker was able to get a list of email addresses for approximately 5 million people and full names for a separate group of 2 million people. For a smaller group of about 310 people, additional personal information, including names, dates of birth, and zip codes, was exposed, and for about 10 customers, “more extensive account details” were revealed. The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems.
We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze. We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm. Trading app xcritical said in a blog post Monday that millions of its customers’ personal information was exposed in a data breach last week.