Crowd2Fund phishing scam: Hackers had access for less than one hour
Crowd2Fund has given more details about the recent phishing scam that targeted its users, revealing that hackers had access for less than one hour before they were locked out.
Peer2Peer Finance News exclusively reported last week that Crowd2Fund customers were sent fraudulent messages asking for payments in cryptocurrencies, which the platform said was due to a third-party marketing tool that had been compromised.
The peer-to-peer business lending firm said that the hackers managed to conduct two spam email campaigns and an SMS campaign, but were probably unable to export personal data due to its system’s security measures.
“We want to be candid about the extent of the breach,” Crowd2Fund said. “The hackers gained access to view certain non-sensitive information, such as names and preferred communication methods. Although the hackers had the potential to access individual profiles, the complexity of our system and their brief access window make it highly unlikely that any meaningful data was compromised.
Read more: Crowd2Fund founder steps down from CEO role as part of restructure
“As the system does not allow export of data, the hackers would have needed to manually screenshot data across multiple layers, category by category, an intricate process that would have been near-impossible given the volume of accounts and the limited time they had.”
Crowd2Fund said it has taken “immediate action” to bolster its security protocols, has secured third-party marketing tools and reset all connections.
It has reported the incident to the Financial Conduct Authority and submitted a report to the Information Commissioner’s Office.
Read more: Crowd2Fund investors deposited £2.2m in “thrilling” 2022
The platform said that its investigation is ongoing, and the Litherium wallet linked to the phishing campaign has shown no signs of suspicious activity. It said it will share updates as it gathers more information.
Crowd2Fund encouraged its investors to remain cautious when interacting with online communications.
“We understand the concern and frustration this incident may have caused,” Crowd2Fund said. “Please know that your security and trust are paramount to us. The swift and strategic response of our dedicated development team played a crucial role in minimizing potential damage. Crowd2Fund stands firm in our dedication to providing a secure and seamless investment experience. We will keep you informed throughout our investigation, ensuring transparency at every stage.”