‘Freedom Finance’ Admits Catastrophic Data Leak

  • Broker business ‘Freedom Finance’ has suffered a severe hacker attack that resulted in a data leak.
  • The information that was stolen is already offered for purchase on various darknet forums.
  • CEO said no client passwords were compromised, even though the seller claims otherwise.

Timur Turlov, CEO of the ‘Freedom Finance’ investment platform, has admitted the leak of sensitive details about 16,000 clients on social media. Although the data dates back to 2018, the things that are included make the event pretty grave. The company claims to have realized the breach only recently after they received a tip about data belonging to them appearing on dark web forums.

The seller of the data pack claims to be in possession of 12 GB of data, including the valid credentials of 16,000 clients, their full names, passport details, phone numbers, extracts, signatures, bank account details, and bank account balances. Even employee login credentials are included in the pack, but they have already reset their passwords.

Turlov stated the following in regards to the unfortunate event:

Colleagues and partners, we had an extremely unpleasant and shameful incident in information security happen yesterday. Cyber extortionists attacked a segment of our internal network and stole some data from local machines of some employees in Russia. These machines are related to employees of the Russian broker providing access to the Russian stock market and almost the entire package is dated 2018.

As for why ‘Freedom Finance’ was targeted, Turlov suggests that it was done by extortionists who are threatening to release the stolen information to the public. Some of the details that have been compromised concern individuals who would prefer to keep their trading activities secret for a multitude of reasons.

The 'Freedom Finance' boss clarified that the hackers didn’t access the CRM, the back office reports, or the trading data on the site, and also stated that client passwords were not touched. The man also assured his followers that the networks and all local machines had been fully cleaned now, and the IT teams have confirmed that the data is not leaking out anymore.

Finally, the entrance point was revealed too, and it was a successful phishing attempt against one of the company's employees. The suspicious email was actually flagged by the security system that was in place, and the employee was warned about the risk but still fell for the hacker’s trap. This proves once again that people are the weakest link in the security chain, and when they’re involved, they can ruin everything even if the security systems work as expected.

Latest
Morocco vs. Portugal Live Stream: How to Watch World Cup 2022 Quarterfinal Match Online
Eight teams remain in the hunt to win the 2022 FIFA World Cup, and the quarterfinals present fans with four exciting match-ups....
England vs. France Live Stream: How to Watch World Cup 2022 Quarterfinal Match Online
A blockbuster clash awaits us as England and France lock horns in the 2022 FIFA World Cup quarterfinals. Some of the world's...
How to Watch The Match 2022 Online: Live Stream Golf From Anywhere
Golf fans, prepare yourselves: The Match 2022 has arrived. Watching the live stream of the Match 2022 has never been easier, as...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari