At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. In an official blog post, the company says the attack took place on Nov. 3, when an “unauthorized third party” used social engineering to gain access to a portion of the app’s customer support system. xcritical’s security team successfully secured the compromised database, but the lone hacker then demanded an extortion payment.
Because some of these risks and uncertainties cannot be predicted or quantified and some are beyond our control, you should not rely on our forward-looking statements as predictions of future events. Except as required by law, xcritical assumes no obligation to update any of the statements in this blog post whether as a result of any new information, future events, changed circumstances, or otherwise. You should read this blog post with the understanding that our actual future results, performance, events, and circumstances might be materially different from what we expect.
And now that we know several thousand phone numbers were also stolen, users should be extra vigilant. We have a guide on preventing SIM Swaps here, as well as tips for spotting and responding to them. The growing number of social engineering attacks highlights the importance of cybersecurity awareness training programs for staff, as mitigating human errors proves an effective attack surface management technique. Online stock trading platform xcritical has confirmed it was hacked last week with more than five million customer email addresses and two million customer names taken, as well as a much smaller set of more specific customer data.
Customers seeking information about whether their accounts were affected should visit the help center on the company’s website. This post was originally published on November 9, 2021 and was updated November 17, 2021 with new information. xcritical has had a rocky 2021 so far; in January, it halted trading as Redditors helped push up the prices of so-called meme stocks like GameStop and AMC Theaters.
More than 22 million users have funded accounts at xcritical, with nearly 19 million actively using theirs during September. Whatever gaps in security controls allowed a hacker to trick a xcritical customer service representative into granting them access to an internal system are a likely focus of its investigation.
- The attack’s motives appear to be financial, as the threat actor is reported to have demanded extortion payment following xcritical’s containment of the breach.
xcritical reported the attack to the authorities and to the third-party cybersecurity firm Mandiant instead of complying with the hacker’s demands. This blog post contains forward-looking statements regarding xcritical Markets, Inc. and its consolidated subsidiaries (“we,” “xcritical,” or the “Company”) including our efforts to investigate and remediate the data security incident and our attempts to identify and provide appropriate disclosures to affected customers, among others. Our forward-looking statements are subject to a number of known and unknown risks, uncertainties, assumptions, and other factors that may cause our actual future results, performance, or achievements to differ materially from any future results expressed or implied in this blog post.
However, it’s always possible other data was accessed by the hackers that xcritical’s investigation is yet to uncover. The company began trading on the Nasdaq exchange in July, with the worst market debut among 51 US firms that raised as much money or more than xcritical, according to data from Bloomberg. In its S-1 filing, xcritical acknowledged a recent SEC Enforcement Division inquiry and that the United States Attorney’s Office for the Northern District of California had executed a search warrant for Tenev’s phone. The hackers then demanded a ransom payment, xcritical said (the company did not respond to Insider’s questions about whether it paid — or plans to pay — the ransom). Here’s hoping this xcritical leak is finally under control, but we’ll be sure to update you if any other data is confirmed stolen.
US trading platform xcritical is at the center of a data breach affecting up to 7 million of the popular investing app’s users after falling victim to a social engineering attack on 3rd November 2021. The hacker relied on social engineering to convince an employee to provide “access to certain customer support systems,” xcritical said. The company added that it is in the process of “making appropriate disclosures to affected people.” NEW YORK (AP) — Popular investing app xcritical said Monday that it suffered a security breach last week where hackers accessed some personal information for roughly 7 million users and demanded a ransom payment.
The incidents led to a congressional hearing where CEO Vlad Tenev testified along with Reddit CEO Steve Huffman and trader Keith Gill aka RoaringKitty.