Security

‘Freedom Finance’ Admits Catastrophic Data Leak

By Bill Toulas
leak
  • Broker business ‘Freedom Finance’ has suffered a severe hacker attack that resulted in a data leak.
  • The information that was stolen is already offered for purchase on various darknet forums.
  • CEO said no client passwords were compromised, even though the seller claims otherwise.

Timur Turlov, CEO of the ‘Freedom Finance’ investment platform, has admitted the leak of sensitive details about 16,000 clients on social media. Although the data dates back to 2018, the things that are included make the event pretty grave. The company claims to have realized the breach only recently after they received a tip about data belonging to them appearing on dark web forums.

The seller of the data pack claims to be in possession of 12 GB of data, including the valid credentials of 16,000 clients, their full names, passport details, phone numbers, extracts, signatures, bank account details, and bank account balances. Even employee login credentials are included in the pack, but they have already reset their passwords.

Turlov stated the following in regards to the unfortunate event:

Colleagues and partners, we had an extremely unpleasant and shameful incident in information security happen yesterday. Cyber extortionists attacked a segment of our internal network and stole some data from local machines of some employees in Russia. These machines are related to employees of the Russian broker providing access to the Russian stock market and almost the entire package is dated 2018.

As for why ‘Freedom Finance’ was targeted, Turlov suggests that it was done by extortionists who are threatening to release the stolen information to the public. Some of the details that have been compromised concern individuals who would prefer to keep their trading activities secret for a multitude of reasons.

The 'Freedom Finance' boss clarified that the hackers didn’t access the CRM, the back office reports, or the trading data on the site, and also stated that client passwords were not touched. The man also assured his followers that the networks and all local machines had been fully cleaned now, and the IT teams have confirmed that the data is not leaking out anymore.

Finally, the entrance point was revealed too, and it was a successful phishing attempt against one of the company's employees. The suspicious email was actually flagged by the security system that was in place, and the employee was warned about the risk but still fell for the hacker’s trap. This proves once again that people are the weakest link in the security chain, and when they’re involved, they can ruin everything even if the security systems work as expected.

Add a Comment

Latest
Sports
Euro 2024 Qualifiers Live Stream: How to Watch International Soccer Online from Anywhere
Sachin Sharma - 0
The road to Euro 2024 is about to get underway, and Europe’s leading soccer stars will be battling it out to qualify...
Read more
Streaming
How to Watch Redemption Online for Free: Stream the Paula Malcomson Series from Anywhere
Lore Apostol - 0
Redemption is an upcoming British drama TV series featuring Paula Malcomson. You will find below all the information you may need, including...
Read more
Streaming
How to Watch The Real Murders of Atlanta Season 2 Online from Anywhere
Lore Apostol - 0
The Real Murders of Atlanta is back with a new set of episodes in Season 2, and we have the premiere date,...
Read more

© TechNadu 2023. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari