Betterment Data Breach Exposes Customer Information in 2026 Social Engineering Attack On January 9, 2026, Betterment, a leading automated investment and personal finance platform, disclosed a cybersecurity incident in which hackers exploited third-party marketing and operational tools to access customer data. The attackers employed social engineering tactics deception and impersonation to infiltrate systems, bypassing Betterment’s core security infrastructure. The breach exposed personal information, including names, email and postal addresses, phone numbers, and dates of birth for an undisclosed number of customers. While Betterment confirmed that no account credentials or financial data were compromised, the attackers used the stolen information to send fraudulent cryptocurrency scam messages to some users, promising to triple their holdings in exchange for a $10,000 payment to a hacker-controlled wallet. Betterment detected the breach the same day, revoking unauthorized access and launching an investigation with an unnamed cybersecurity firm. The company stated that no customer accounts were accessed, and login credentials remained secure. However, the incident has raised concerns about the risks posed by third-party integrations in financial services, as the attack did not target Betterment’s internal systems directly but rather exploited vulnerabilities in external platforms. Betterment’s response has drawn criticism for its lack of transparency, including the use of a "noindex" tag on its security incident webpage, preventing search engines from indexing the details. As of January 12, 2026, the company had not disclosed the number of affected customers or further specifics about the attack. The ongoing investigation, along with regulatory scrutiny, may provide additional clarity in the coming weeks. Cybersecurity experts note that social engineering attacks on financial platforms are increasing, emphasizing the need for stronger oversight of third-party vendors and employee training. The breach underscores the broader challenge of securing interconnected digital ecosystems, where even robust internal defenses can be undermined by external vulnerabilities.

SoundCloud Confirms Security Breach Impacting 28 Million Users SoundCloud has confirmed that recent outages and VPN connectivity issues were caused by a security breach in which threat actors stole a database containing user information. The incident, detected over the past four days, led to widespread reports of users encountering 403 "forbidden" errors when accessing the platform via VPN. In a statement to BleepingComputer, SoundCloud revealed that unauthorized activity was detected in an ancillary service dashboard, prompting the activation of its incident response procedures. While the company acknowledged that a threat actor accessed limited data, it clarified that no sensitive information—such as financial details or passwords—was compromised. The exposed data included only email addresses and publicly visible profile information. The breach is estimated to affect approximately 20% of SoundCloud’s user base, translating to roughly 28 million accounts based on publicly reported figures. The company stated that all unauthorized access has been blocked and that no ongoing risk to the platform exists. In response, SoundCloud has implemented additional security measures, including enhanced monitoring, improved threat detection, and a review of identity and access controls. However, a configuration change made during the response disrupted VPN access to the site, with no confirmed timeline for full restoration. Following the breach, SoundCloud also faced denial-of-service (DoS) attacks that temporarily disabled its web availability. While the company has not identified the threat actor, BleepingComputer sources indicate that the ShinyHunters extortion gang is likely responsible. The group, which also claimed responsibility for a recent PornHub data breach, is reportedly attempting to extort SoundCloud after allegedly stealing user data. Further updates are expected as the investigation continues.