Over 8 Million Customers Affected by Cash App Investing Security Breach | #phishing | #scams | #education | #technology | #infosec

Cash App Investing is the latest brokerage or crypto exchange to lose customer data.

---

Key points

• Cash App Investing reported a data breach that impacted 8.2 million users.
• Cash App is contacting affected users, and no passwords, bank account information, or Social Security numbers were accessed.
• If you think your data has been compromised, change your password and update your 2FA.

---

Cash App Investing’s parent company, Block, revealed this month that a former employee had been involved in a data breach. Information from over 8 million U.S. users was downloaded, and the company says it is reaching out to those who have been affected. According to a filing with the SEC, the breach took place on Dec. 10, 2021.

What happened?

Block says the stolen data included full names and brokerage account numbers (Cash App’s internal identification numbers). In some cases, the former employee accessed people’s trading activity for the day and portfolio value. The breach did not include any usernames, passwords, Social Security numbers, date of birth, payment information, addresses, or bank account information. Nonetheless, impacted users will need to be vigilant.

Cash App Investing has notified law enforcement and enlisted the help of a forensics firm to investigate the situation fully. The company says the incident did not affect customers outside the U.S. and the leaked data did not contain security codes or passwords.

How to protect yourself against hackers

Cash App is not the only brokerage or crypto exchange to be hit by security breaches. In the last year, criminals accessed data (and in some cases assets) from Robinhood, Coinbase, and Crypto.com users. This is why many crypto investors choose to keep their assets in a crypto wallet they control rather than on a centralized platform.

If you suspect your data has been breached, the first step to take is to inform the company and if necessary, freeze your account. Here are some additional steps you can take.

• Change your password. The Cash App leak did not include password information. Nonetheless, it’s good practice to regularly change the passwords on your accounts — especially if there’s a risk of a data leak.
• Update your two factor authentication (2FA). 2FA creates an additional layer of security, such as a number generated by an app on your phone. If your account’s been compromised, it might be a good idea to reset your 2FA.
• Be alert for phishing scams. Phishers pretend to be legitimate companies in an attempt to trick you out of your data. If criminals have some of your personal data, they could use it to send you a spoof message in an attempt to get more. The message might, for example, pretend to be from Cash App’s security team or send you to an imitation website.
• Make sure your antivirus software is up to date. Viruses and malware are constantly changing, so it’s important to keep your protections up to date. That way you’re more likely to be protected against any emerging threats.

Even if you don’t think your data has been compromised, it’s important to be alert and maintain good security habits. Don’t reuse passwords on different accounts and make sure you pick hard-to-guess codes that use a mixture of characters, symbols, and numbers.

Phishing scams are increasingly common, so be wary of emails or SMS messages — even if they seem to be from legitimate sources. Rather than clicking on links in messages, use bookmarks on your computer. That way you’re less likely to enter data on a fake website. Look out for telltale signs such as a logo that’s wrongly colored or a URL with a character that’s wrong.

Bottom line

Security breaches are increasingly common and can be extremely upsetting for victims. Sadly, it is almost impossible to completely protect yourself from cyber criminals. However, the steps above will make it harder for them to access your information and funds.