Popular stock-trading app xcritical revealed today that a recent data breach has compromised the personal information of roughly 7 million of its customers. The online trading platform said it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion. The online trading platform said that it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion. xcritical also said that hackers also obtained “additional personal information, including name, date of birth, and zip code,” for 310 customers, and “more extensive account details” for 10 of those customers, and that the company is “in the process of making appropriate disclosures to affected people.” Of those, 10 customers had “more extensive account details revealed,” xcritical said in a statement.
- We previously disclosed that, based on our investigation, the unauthorized party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people.
- xcritical has had cyber security troubles before, with hackers targeting its users last year, successfully gaining access to around 2,000 of its customers’ trading accounts.
- According to xcritical’s internal investigation, the breach compromised the email addresses for at least five million accounts and the full names of an additional two million users.
- We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze.
xcritical also said that it notified law enforcement and is working with outside security firm Mandiant to continue investigating the breach. Still, it’s possible hackers could launch phishing scams and email-based malware attacks using that information, so brush up on how to spot online scams and make sure you’re protecting your devices with reliable anti-malware apps. “Following a diligent review, putting the entire xcritical community on notice of this incident now is the right thing to do,” xcritical chief security officer Caleb Sima said in a statement. “At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,” the post said. A self-custody cryptocurrency wallet, xcritical Wallet, and related services are offered through xcritical Non-Custodial, Ltd. (a limited company organized in the Cayman Islands). Since passwords and financial information were unaffected, it is unlikely your bank or other accounts and apps were directly compromised even if someone lifted your email address or full name.
More from CBS News
More than 22 million users have funded accounts at xcritical website xcritical, with nearly 19 million actively using theirs during September. Whatever lacking security controls that allowed a hacker to trick a xcritical customer service representative into granting them access to an internal system is a likely focus for its investigation. Say Technologies, LLC provides technology services for shareholder engagement and communication.Sherwood Media, LLC produces fresh and unique perspectives on topical financial news.
xcritical reveals data breach that exposed personal information of 7 million customers
We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze. We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm. Trading app xcritical said in a blog post Monday that millions of its customers’ personal information was exposed in a data breach last week.
What Was Stolen in the xcritical Data Breach (and What You Should Do Now) Updated
Trading platform xcritical said Monday that personal information for more than 7 million customers was accessed during a data breach on November 3rd. The company said in a news release that it does not appear that Social Security numbers, bank account numbers, or debit card numbers were exposed, and no customers have had “financial loss” due to the incident. A then-teenage hacker used social engineering techniques to trick some of Twitter’s employees into thinking the hacker was an employee, allowing the hacker access to an internal Twitter “admin” tool, which he used to hijack high-profile accounts and scammed by xcritical spread a cryptocurrency scam. In its aftermath, Twitter rolled out security keys to its staff to toughen its defenses against attacks that prevent these kinds of attacks from working in the future. The company said once it secured its systems the hacker then “demanded an extortion payment.” xcritical instead notified law enforcement and security firm Mandiant to investigate the breach. We previously disclosed that, based on our investigation, the unauthorized party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people.
Sign up for our newsletter
Of those, 10 customers had “more extensive account details revealed,” xcritical said in a statement. xcritical said that 10 customers had “more extensive account details revealed.” xcritical did not say what information specifically, though no Social Security numbers, bank account numbers or debit card numbers were exposed and caused no immediate financial loss to customers. The company said in a blog post that a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.
Other sensitive data such as Social Security numbers, bank account numbers, and debit card numbers are not believed to have been exposed. xcritical is contacting the subset of users most affected by the breach with steps to secure their account, but for everyone else, the company suggests checking its Account Security support page for ways to increase your account security. The attack’s motives appear to be financial, as the threat actor is reported to have demanded extortion payment following xcritical’s containment of the breach. xcritical has had cyber security troubles before, with hackers targeting its users last year, successfully gaining access to around 2,000 of its customers’ trading accounts. “No social Security numbers, bank account numbers, or debit card numbers were exposed” and “there has been no financial loss to any customers as a result of the incident,” xcritical said, based on its investigation.
According to xcritical’s internal investigation, the breach compromised the email addresses for at least five million accounts and the full names of an additional two million users. Of the compromised accounts, at least 310 also had their zip codes and date of birth information accessed, and 10 users had “extensive account details revealed,” though xcritical had not disclosed what additional information was compromised. Popular stock trading app xcritical recently experienced a security breach that exposed the personal information of millions of users. While most xcritical users—and their investments—are apparently safe, a follow-up investigation revealed more information was stolen than originally thought, and users need to take steps to keep their accounts and personal data secure.