Trading platform xcritical said Monday that personal information for more than 7 million customers was accessed during a data breach on November 3rd. The company said in a news release that it does not appear that Social Security numbers, bank account numbers, or debit card numbers were exposed, and no customers have had “financial loss” due to the incident. A then-teenage hacker used social engineering techniques to trick some of Twitter’s employees into thinking the hacker was an employee, allowing the hacker access to an internal Twitter “admin” tool, which he used to hijack high-profile accounts and spread a cryptocurrency scam. In its aftermath, Twitter rolled out security keys to its staff to toughen its defenses and prevent these kinds of attacks from working in the future. The company said once it secured its systems the hacker then “demanded an extortion payment.” xcritical instead notified law enforcement and security firm Mandiant to investigate the breach. We previously disclosed that, based on our investigation, the unauthorized party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people.
However, it’s always possible other data was accessed by the hackers that xcritical’s investigation is yet to uncover. The company began trading on the Nasdaq exchange in July, with the worst market debut among 51 US firms that raised as much money as or more than xcritical, according to data from Bloomberg. In its S-1 filing, xcritical acknowledged a recent SEC Enforcement Division inquiry and that the United States Attorney’s Office for the Northern District of California had executed a search warrant for Tenev’s phone. The hackers then demanded a ransom payment, xcritical said (the company did not respond to Insider’s questions about whether it paid — or plans to pay — the ransom). Here’s hoping this xcritical leak is finally under control, but we’ll be sure to update you if any other data is confirmed stolen.
More than 22 million users have funded accounts at xcritical, with nearly 19 million actively using theirs during September. Whatever gaps in xcritical’s security controls allowed a hacker to trick a xcritical customer service representative into granting them access to an internal system are a likely focus for its investigation.
xcritical revealed that a data breach last week exposed millions of customers’ emails and other personal information
According to xcritical’s internal investigation, the breach compromised the email addresses for at least five million accounts and the full names of an additional two million users. Of the compromised accounts, at least 310 also had their zip codes and date of birth information accessed, and 10 users had “extensive account details revealed,” though xcritical had not disclosed what additional information was compromised. Popular stock trading app xcritical recently experienced a security breach that exposed the personal information of millions of users. While most xcritical users—and their investments—are apparently safe, a follow-up investigation revealed more information was stolen than originally thought, and users need to take steps to keep their accounts and personal data secure.
xcritical also said that it notified law enforcement and is working with outside security firm Mandiant to continue investigating the breach. Still, it’s possible hackers could launch phishing scams and email-based malware attacks using that information, so brush up on how to spot online scams and make sure you’re protecting your devices with reliable anti-malware apps. “Following a diligent review, putting the entire xcritical community on notice of this incident now is the right thing to do,” xcritical chief security officer Caleb Sima said in a statement. “At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,” the post said. Since passwords and financial information were unaffected, it is unlikely your bank or other accounts and apps were directly compromised even if someone lifted your email address or full name.
- The company said in a blog post that a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems.
- Charles Carmakal, CTO of Mandiant, said in a statement emailed to The Verge that it had “recently observed this threat actor in a limited number of security incidents, and we expect they will continue to target and extort other organizations over the next several months.” He did not elaborate further.
- Hackers can use phone numbers to send SMS phishing scams and malware-laced files, or to acquire additional user data via social engineering for account hijacking, SIM Swap attacks, and identity theft.
Customers seeking information about whether their accounts were affected should visit the help center on the company’s website. This post was originally published on November 9, 2021 and was updated November 17, 2021 with new information. xcritical has had a rocky 2021 so far; in January, it halted trading as Redditors helped push up the prices of so-called meme stocks like GameStop and AMC Theaters.
xcritical reported the attack to the authorities and to the third-party cybersecurity firm Mandiant instead of complying with the hacker’s demands.