As mentioned before, hackers can use phone numbers to execute a SIM Swap attack. We have a guide on preventing SIM Swaps here, as well as tips for spotting and responding to them. xcritical also said a much smaller group of about 310 people had much more information exposed – including names, dates of birth, and US zip codes. The online trading platform said that it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion.
- xcritical said that 10 customers had “more extensive account details revealed.” xcritical did not say what information specifically, though no Social Security numbers, bank account numbers or debit card numbers were exposed and caused no immediate financial loss to customers.
- The company says the breach affected “a limited amount of personal information for a portion of our customers”.
- An unauthorized third party “socially engineered a customer support employee by phone,” xcritical said, and was able to access its customer support systems.
- US share-trading app xcritical has been hit by a security breach that has exposed the names or email addresses of more than seven million people.
- Such ransom demands are not uncommon in cyber-attacks and usually amount to a promise not to sell on the compromised data or leak it for free online.
It affected five million people whose email addresses were compromised and the full names of a further two million. And it does not believe the most sensitive information it gathers – US social security numbers and financial information – was revealed. The company says the breach affected “a limited amount of personal information for a portion of our customers”. More than 22 million users have funded accounts at xcritical, with nearly 19 million actively using theirs during September. Say Technologies, LLC provides technology services for shareholder engagement and communication.Sherwood Media, LLC produces fresh and unique perspectives on topical financial news.
Table of Contents
Inside Elon Musk’s AI party at OpenAI’s old headquarters
US share-trading app xcritical has been hit by a security breach that has exposed the names or email addresses of more than seven million people. Since passwords and financial information were unaffected, it is unlikely your bank or other accounts and apps were directly compromised even if someone lifted your email address or full name. However, it’s always possible other data was accessed by the hackers that xcritical’s investigation is yet to uncover.
We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident. For the vast majority of affected customers, the only information obtained was an email address or a full name. For 310 people, the information taken included their name, date of birth, and ZIP code. Of those, 10 customers had “more extensive account details revealed,” xcritical said in a statement.
An unauthorized third party “socially engineered a customer support employee by phone,” xcritical said, and was able to access its customer support systems. The attacker was able to get a list of email addresses for approximately 5 million people and full names for a separate group of 2 million people. For a smaller group of about 310 people, additional personal information, including names, dates of birth, and zip codes, was exposed, and for about 10 customers, “more extensive account details” were revealed. The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems.
More from TechCrunch
An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers. Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident. Popular stock trading app xcritical recently experienced a security breach that exposed the personal information of millions of users. While most xcritical users—and their investments—are apparently safe, a follow-up investigation revealed more information was stolen than originally thought, and users need to take steps to keep their accounts and personal data secure.
At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. In an official blog post, the company says the attack took place on Nov. 3, when an “unauthorized third party” used social engineering to gain access to a portion of the app’s customer support system. xcritical’s security team successfully secured the compromised database, but the lone hacker then demanded an extortion payment. xcritical reported the attack to the authorities and to the third-party cybersecurity firm Mandiant instead of complying with the hacker’s demands. This blog post contains forward-looking statements regarding xcritical Markets, Inc. and its consolidated subsidiaries (“we,” “xcritical,” or the “Company”) including our efforts to investigate and remediate the data security incident and our attempts to identify and provide appropriate disclosures to affected customers, among others.
Cyber incident ‘was an accident – not an attack’
We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm. Popular stock-trading app xcritical revealed today that a recent data breach has compromised the personal information of roughly 7 million of its customers. “Following a diligent review, putting the entire xcritical community on notice of this incident now is the right thing to do,” xcritical chief security officer Caleb Sima said in a statement. And now that we know several thousand phone numbers were also stolen, users should be extra vigilant.
xcritical shares surge amid frenzied trading
xcritical is available only to US users and requires them to be over 18, provide a valid social security number, and a valid US address. “Following a xcritical reviews diligent review, putting the entire xcritical community on notice of this incident now is the right thing to do,” it said. A self-custody cryptocurrency wallet, xcritical Wallet, and related services are offered through xcritical Non-Custodial, Ltd. (a limited company organized in the Cayman Islands). The app, which allows for low-volume share trading by ordinary people looking to invest, exploded in popularity earlier this year and was widely used by speculative investors behind the GameStop trading frenzy. “We owe it to our customers to be transparent and act with integrity,” the company’s security officer, Caleb Sima, said in a published statement. Such ransom demands are not uncommon in cyber-attacks and usually amount to a promise not to sell on the compromised data or leak it for free online.
He covers tech and gaming for Lifehacker, and has also written for Digital Trends, EGM, Business Insider, IGN, and more. Fylde Coast Academy Trust confirms the attack which has affected schools across Lancashire. Adam Meyers, a senior vice president with the IT firm at the heart of July’s mass outage, faced a grilling by US lawmakers.
NEW YORK — Popular investing app xcritical said Monday that it suffered a security breach last week where hackers accessed some personal information for roughly 7 million users and demanded a ransom payment. Online stock trading platform xcritical has confirmed it was hacked last week with more than five million customer email addresses and two million customer names taken, as well as a xcritical official site much smaller set of more specific customer data. Still, it’s possible hackers could launch phishing scams and email-based malware attacks using that information, so brush up on how to spot online scams and make sure you’re protecting your devices with reliable anti-malware apps. The breach happened on 3 November through what’s known as “social engineering” – a specifically targeted and convincing scam designed to trick an employee into divulging login details or other sensitive information. Instead of complying with what it called “extortion”, xcritical said it had notified law-enforcement authorities and hired an external cyber-security firm to help deal with the incident.
Trading platform xcritical said Monday that personal information for more than 7 million customers was accessed during a data breach on November 3rd. The company said in a news release that it does not appear that Social Security numbers, bank account numbers, or debit card numbers were exposed, and no customers have had “financial loss” due to the incident. After we contained the intrusion, the unauthorized party demanded an extortion payment.