Jump to content

Broker Pepperstone Hacked


Recommended Posts

Important information about your account security.

Dear ,

We’re writing to you to let you know about a data security incident that has impacted people who’ve registered, or attempted to register, for a Pepperstone demo or live trading account.

Our investigations show that the personal information (or personal data) about you that may have been impacted is limited to your:

 

  • Name
  • Contact details (such as email, phone number and physical address)
  • Date of birth


We can confirm that any trading accounts, passwords and bank account information that you have with us are safe. They have not been compromised.

We’re extremely concerned that this has happened. Keeping your Pepperstone account safe is our priority. Please be assured that we’ve identified the cause of the incident, contained it, and put a number of measures in place to stop it from happening again.

What happened?

Like most businesses, Pepperstone uses a variety of third party service providers to undertake various functions. On 22 July (AEST) we discovered and contained a malware attack. One of our service providers was attacked by criminals who used malware to compromise a computer used by the service provider in order to steal their user credentials. The cyber criminals then used those credentials to gain access to our internal client relationship management system. Before we stopped the attack, they were able to take a limited amount of personal information belonging to some of our account holders. The criminals accessed a subset of our account holder data via the client relationship management system. Importantly, the criminals weren’t able to access our trading environment or our financial systems, which are segregated from our client relationship management system. This means that the criminals didn’t gain access to any trading accounts, banking details, passwords or ID documents that we hold for you. Our clients can continue to have confidence in using our trading systems safely and securely. For more details about the incident, how we’ve stopped it and prevented it from recurring, please visit our dedicated webpage.

What has Pepperstone done to address this?

We first became aware of this issue on 21 July and immediately launched an investigation with the assistance of an external forensic specialist. We’re also in communication with the national cyber crime agencies and data privacy commissioners in our regulated jurisdictions. We’ve only recently become aware that your details were impacted as a result of that investigation.

What do I do now?

We encourage you to take the following steps:

 

  • Configure your Pepperstone account and other online accounts, such as email, to require two-factor authentication (e.g. password plus SMS code)
  • Although we have no reason to suspect that your password has been compromised we strongly recommend that you change your Pepperstone password as a precaution. We also recommend that you choose a password that’s unique, not one that you use for any of your other online accounts
  • If you believe that your personal information has been used by a third party without your authorisation, report it to your local cybercrime agency
  • Contact your bank immediately if you’ve sent money to a scammer or if you think you’ve provided confidential banking information to a scammer
  • Don’t allow any access by remote desktop viewers by any company, even if they claim to be Pepperstone
  • Don’t respond to/click on any suspicious communications from people or organisations that you don’t know
  • Close any online accounts that you no longer use.


We understand that people will be concerned about this. We encourage you to contact us immediately if you have any suspicions or concerns about any communication you receive, on 1300 033 375 or at support@pepperstone.com.

Finally, we want to reassure you that Pepperstone absolutely remains open for business, fully regulated and here to support your trading needs. If you want to discuss this matter further please don’t hesitate to get in touch.

Kind regards,
The Pepperstone team

Link to post

City Index also had some problems in April 

"Financial trading and spread betting service provider City Index has informed users of a breach of their personal data, including names, dates of birth, gender and bank details."

"In an immediate response to the incident, City Index sent an advisory to affected clients suggesting that they reset their City Index passwords and consider also resetting the password if it is used for other accounts the client may have elsewhere."

 

https://www.infosecurity-magazine.com/news/city-index-data-breach/

money never sleeps = criminals never sleeps

Link to post

Neither CMC Markets nor City Index have a two-factor authentication mechanism, either.

Total f*king garbage!

And if they are getting attacked by malware they must be using Windows machines - another big no-no!  Switch to RHEL immediately for your servers!

Edited by dmedin
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • General Statistics

    • Total Topics
      13,656
    • Total Posts
      68,264
    • Total Members
      57,144
    • Most Online
      5,137
      14/01/21 09:51

    Newest Member
    JamHar
    Joined 18/01/21 02:11
  • Posts

    • I'll try to be concise: Dent was in 2010 calling for the mother of all stock market crashes - so were Elliott Wave International in fact EWI have been call for a massive collapse since 1986!  Some of what he says is accurate - deflation for example - the reason QE has not caused inflation is because it was issued in a deflationary cycle The crash he talks about won't happen - I listened to dent and EWI back in 2010 and I choose to do my own research as other things i was investigating suggested the opposite to what they were both spouting Read my Time Cycles page, it explains the deflationary/inflationary cycles - proven with 220+ years of stock market history behind the reasoning The deflationary cycle he refers to ended late 2016, its now inflationary according to my calcs and research and my prediction is stock market is going upwards until the mid 2030's when it will crash and top out - yet Dent still thinks its in play Up until then we might get a 1987 style crash event but overall the corrections will be modest not massive and they will all be quickly surpassed I don't listen to anyone out there - I trade independently according to my methods so I don't need to be buying and holding and if I'm wrong so be it - it won't affect my trading as the market dictates my positions, not my expectations - since 2010 this has work exceptionally well, where if I'd of followed EWI and Dents forecasts I'd of lost everything in 2010! I've no thoughts on Gold other than it is inflationary hedge - as mentioned on another thread when the stock market is inflationary (which I think started 2017) then price correlation backwards to last time it was inflationary (1982-2000) gold was subdued    
    • Thanks @Caseynotes. Do you think the time of the daily close bears any significance. When viewing the hourly charts, the volume and movements seem to be higher in GMT "working hours" and then slow down overnight. Therefore, are other countries trading on GMT I wonder?
    • Saw a snippet on Sky news complaining that the Lateral Flow test must be faulty because it wasn't picking up as many positives as the PCR. Quite an unbelievable misinterpretation of the data on the number of false positives made by the PCR. Not surprising really as the fake positive numbers generated by the PCR are the only thing driving project fear and lockdowns. Meanwhile, in order to stem the flow of staff needing to self isolate following a PCR false positive the NHS are switching to ...  er, the lateral flow test.         Dr Clare Craig  @ClareCraigPath Deaths are not climbing commensurate with cases. Either COVID got less deadly (despite inc hospital admissions) or we have two measure a) a community positive rate off the charts with false positives b) a hospital rate (likely to inc some real COVID) which is at a steady state     .
×
×
  • Create New...