Wealthsimple, a number one Canadian on-line funding administration service, has disclosed a knowledge breach after attackers stole the private information of an undisclosed variety of clients in a current incident.
Based in 2014 and headquartered in Toronto, the monetary providers agency holds over CAD$84.5 billion in belongings (roughly $61 billion). It affords a variety of monetary merchandise focusing on investments, buying and selling, cryptocurrency, tax submitting, spending, and financial savings to over 3 million Canadians.
Wealthsimple’s Android app has over 1 million downloads on the Google Play Retailer, whereas its iOS app has collected over 126,000 scores from Apple customers.
As shared in an official assertion and breach notifications emailed to clients (seen by BleepingComputer), the corporate detected the breach on August thirtieth.
Wealthsimple acknowledged that the attackers didn’t steal any funds and didn’t compromise passwords, making certain that each one buyer accounts stay safe.
“We realized {that a} particular software program bundle that was written by a trusted third occasion had been compromised. This resulted in private information belonging to lower than 1% of our purchasers being accessed with out authorization for a quick interval,” Wealthsimple stated.
“Information that was accessed was private data like contact particulars, authorities IDs offered through the Wealthsimple sign-up course of, monetary particulars, reminiscent of account numbers, IP handle, Social Insurance coverage Quantity, or date of delivery.”
Since detecting the incident, the monetary providers firm has notified impacted clients through electronic mail, and it’s now offering them with two years of complimentary credit score monitoring, in addition to dark-web monitoring, identification theft safety, and insurance coverage.
Affected clients are suggested to safe their accounts utilizing two-factor authentication (2FA) with an authenticator app, by no means reuse passwords, and stay vigilant towards potential phishing makes an attempt impersonating Whealthsimple.
Breach probably a part of Salesloft supply-chain assault
Whereas the corporate did not present any data on how the attackers gained entry to the shoppers’ private data, the main points shared within the assertion and information breach notifications counsel that the corporate might have been one of many victims in a current wave of Salesforce information breaches linked to the ShinyHunters extortion group.
We’ve reached out to Wealthsimple with questions concerning the incident and to verify how the attackers stole its clients’ information, however a response was not instantly out there. Nevertheless, BleepingComputer has discovered a Salesloft occasion on a Wealthsimple subdomain that seems to be presently inactive. Earlier as we speak, ShinyHunters confirmed to BleepingComputer that the Wealthsimple breach was additionally a part of the Salesloft supply-chain assault.
Because the begin of the yr, ShinyHunters has focused Salesforce clients in information theft assaults utilizing voice phishing, which led to information breaches impacting high-profile firms like Google, Cisco, Allianz Life, Qantas, Adidas, Farmers Insurance coverage, Workday, and LVMH subsidiaries, together with Dior, Louis Vuitton, and Tiffany & Co.
Extra just lately, the cybercrime gang shifted to utilizing stolen OAuth tokens for Salesloft’s Drift AI chat integration with Salesforce to compromise Salesforce situations and steal delicate data, reminiscent of passwords, Snowflake tokens, and AWS entry keys, from assist tickets and assist messages from its victims’ clients.
Utilizing this tactic, ShinyHunters has additionally gained entry to a small variety of Google Workspace accounts and breached the Salesforce situations of a number of cybersecurity firms, together with Cloudflare, Palo Alto Networks, Zscaler, Tenable, Proofpoint, CyberArk, BeyondTrust, JFrog, Cato Networks, and Rubrik.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration traits.
