Jump to content
Outlook 2024: recession risks loom large ×

Broker Pepperstone Hacked

Caseynotes

Recommended Posts

Caseynotes Honoured Contributor

Caseynotes

Posted
Posted

Important information about your account security.

Dear ,

We’re writing to you to let you know about a data security incident that has impacted people who’ve registered, or attempted to register, for a Pepperstone demo or live trading account.

Our investigations show that the personal information (or personal data) about you that may have been impacted is limited to your:
 

  • Name
  • Contact details (such as email, phone number and physical address)
  • Date of birth


We can confirm that any trading accounts, passwords and bank account information that you have with us are safe. They have not been compromised.

We’re extremely concerned that this has happened. Keeping your Pepperstone account safe is our priority. Please be assured that we’ve identified the cause of the incident, contained it, and put a number of measures in place to stop it from happening again.

What happened?

Like most businesses, Pepperstone uses a variety of third party service providers to undertake various functions. On 22 July (AEST) we discovered and contained a malware attack. One of our service providers was attacked by criminals who used malware to compromise a computer used by the service provider in order to steal their user credentials. The cyber criminals then used those credentials to gain access to our internal client relationship management system. Before we stopped the attack, they were able to take a limited amount of personal information belonging to some of our account holders. The criminals accessed a subset of our account holder data via the client relationship management system. Importantly, the criminals weren’t able to access our trading environment or our financial systems, which are segregated from our client relationship management system. This means that the criminals didn’t gain access to any trading accounts, banking details, passwords or ID documents that we hold for you. Our clients can continue to have confidence in using our trading systems safely and securely. For more details about the incident, how we’ve stopped it and prevented it from recurring, please visit our dedicated webpage.

What has Pepperstone done to address this?

We first became aware of this issue on 21 July and immediately launched an investigation with the assistance of an external forensic specialist. We’re also in communication with the national cyber crime agencies and data privacy commissioners in our regulated jurisdictions. We’ve only recently become aware that your details were impacted as a result of that investigation.

What do I do now?

We encourage you to take the following steps:
 

  • Configure your Pepperstone account and other online accounts, such as email, to require two-factor authentication (e.g. password plus SMS code)
  • Although we have no reason to suspect that your password has been compromised we strongly recommend that you change your Pepperstone password as a precaution. We also recommend that you choose a password that’s unique, not one that you use for any of your other online accounts
  • If you believe that your personal information has been used by a third party without your authorisation, report it to your local cybercrime agency
  • Contact your bank immediately if you’ve sent money to a scammer or if you think you’ve provided confidential banking information to a scammer
  • Don’t allow any access by remote desktop viewers by any company, even if they claim to be Pepperstone
  • Don’t respond to/click on any suspicious communications from people or organisations that you don’t know
  • Close any online accounts that you no longer use.


We understand that people will be concerned about this. We encourage you to contact us immediately if you have any suspicions or concerns about any communication you receive, on 1300 033 375 or at support@pepperstone.com.

Finally, we want to reassure you that Pepperstone absolutely remains open for business, fully regulated and here to support your trading needs. If you want to discuss this matter further please don’t hesitate to get in touch.

Kind regards,
The Pepperstone team

Link to comment
Kodiak Valued Contributor

Kodiak

Posted
Posted

City Index also had some problems in April 

"Financial trading and spread betting service provider City Index has informed users of a breach of their personal data, including names, dates of birth, gender and bank details."

"In an immediate response to the incident, City Index sent an advisory to affected clients suggesting that they reset their City Index passwords and consider also resetting the password if it is used for other accounts the client may have elsewhere."

 

https://www.infosecurity-magazine.com/news/city-index-data-breach/

money never sleeps = criminals never sleeps

Link to comment
dmedin Super Contributor

dmedin

Posted
Posted (edited)

Neither CMC Markets nor City Index have a two-factor authentication mechanism, either.

Total f*king garbage!

And if they are getting attacked by malware they must be using Windows machines - another big no-no!  Switch to RHEL immediately for your servers!

Edited by dmedin
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing

  • General Statistics

    • Total Topics
      23,068
    • Total Posts
      95,500
    • Total Members
      43,686
    • Most Online
      7,522
      10/06/21 10:53
    Mac
    Newest Member
    Mac
    Joined 04/10/23 03:34
  • Trustpilot

  • Posts

    • Megamind
      Explaining The CEX Landscape: An Analysis of 2023 H1

      By Megamind · Posted

      Introduction: Following the demise of FTX, the cryptocurrency exchange (CEX) landscape underwent a significant transformation that raised questions about the legitimacy and security of such platforms. As a result, consumers are now demanding greater transparency and protective measures from exchanges to regain their faith. The post-FTX CEX landscape is examined in this paper, with a focus on significant exchanges' actions while also noting important trends. After FTX failed, consumers demanded more openness from CEX, which brought credibility once again into the spotlight. Proof of Reserves (PoR) gained popularity as exchanges tried to convince users that their assets were secure. Although PoR by itself does not ensure solvency, Bitget, OKX, Binance, and other CEX were forced to adopt this approach. Additionally, it became crucial to provide protection funds to give users trust, especially in the event of losses or breaches. Binance upped its protection funds from $735 million to $1 billion, underscoring their dedication to protecting user funds, while Bitget expanded their fund from $200 million to over $300 million. Bitget Shines in the CEX Landscape: Bitget distinguished itself by growing its derivatives volume at the time of FTX's collapse, showing resilience in a challenging market. This exchange's ability to adapt and thrive post-FTX demonstrates its strength in the CEX landscape. Binance retained its dominance, maintaining stable trading volumes despite the FTX fallout, but still faced with regulatory challenges in some regions, forcing it to close its services there. Other exchanges, like OKX, also managed to maintain strong derivatives businesses. However, there was a slight decrease in spot trading volume, with DEX trading remaining relatively stable.   Trends, Legal Landscape, and the Road Ahead:  Most CEXs experienced a decline in derivatives trading volume post-FTX, except for Bitget, which increased its trading volume slightly. This growth highlights Bitget's ability to capture additional volume in a challenging environment. Regulatory challenges, especially in the US, pose significant hurdles for CEXs. Compliance with KYC and AML measures is important, as inadequate safeguards can harm an exchange's reputation. CEXs that actively contribute to the ecosystem gain favour and trust from users. In conclusion, as successful exchanges will continue to adapt, innovate, and prioritize user trust in this evolving and competitive cryptocurrency landscape, which exchange do you think will stand out strong in the coming years? https://research.nansen.ai/articles/decoding-the-cex-landscape-an-in-depth-analysis-of-2023-h1
    • Jaja24
      What's Your Price Prediction on Bitcoin ETFs on SEC Decision?

      By Jaja24 · Posted

      Kinda like the features of this product, it’s quite easy to navigate through and has less complexities. This should be every traders flex 
    • tradinglounge
      NEO/U.S. dollar(NEOUSD) Elliott Wave Technical Analysis 4 October 23

      By tradinglounge · Posted

      Elliott Wave Analysis TradingLounge Daily Chart, 4 October 23, NEO/U.S. dollar(NEOUSD) NEOUSD Elliott Wave Technical Analysis Function: Counter Trend Mode: Corrective Structure: Double Corrective Position: Wave (Y) Direction Next higher Degrees: Wave ((B)) of Flat Wave Cancel invalid Level: 5.96 Details: The corrective of wave (Y) Likely move down to 5.94 NEO/U.S. dollar(NEOUSD)Trading Strategy: A decline below 7.08 makes the triangle complete at 7.68, also the price below the MA200 Line, Overview still is a downtrend, and the price move to wave ((5)) which a last wave before change a trend NEO/U.S. dollar(NEOUSD)Technical Indicators: The price is below the MA200 indicating a downtrend, RSI is a Bearish divergence. TradingLounge Analyst: Kittiampon Somboonsod, CEWA Source : Tradinglounge.com get trial here! Elliott Wave Analysis TradingLounge 4H Chart, 4 October 23, NEO/U.S. dollar(NEOUSD) NEOUSD Elliott Wave Technical Analysis Function: Counter Trend Mode: Corrective Structure: Triangle Position: Wave (E) Direction Next higher Degrees: Wave (4) of Impulse Wave Cancel invalid Level: Details: Weve 4 may be complete and the ptice decline again in wave 5 NEO/U.S. dollar(NEOUSD)Trading Strategy: A decline below 7.08 makes the triangle complete at 7.68, also the price below the MA200 Line, Overview still is a downtrend, and the price move to wave ((5)) which a last wave before change a trend NEO/U.S. dollar(NEOUSD)Technical Indicators: The price is below the MA200 indicating a downtrend, RSI is a Bearish divergence

Markets

Forex

Indices

Shares

Other markets

IG services

Spread betting

CFD trading

Share dealing

Trading platforms

Web platform

Trading apps

Advanced platforms

Compare features

About Us

How we support you

What we do with your money

How does IG make money?

Professional trading

Contact us

Post topic on Community

Browse Help and Support

Education on Academy

Tweet us @IGClientHelp

UK

IG | Sitemap | Terms and agreements | Privacy | How to fund | Cookies | About IG

Spread bets and CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 75% of retail investor accounts lose money when trading spread bets and CFDs with this provider. You should consider whether you understand how spread bets and CFDs work, and whether you can afford to take the high risk of losing your money. Professional clients can lose more than they deposit. All trading involves risk.

The value of shares, ETFs and ETCs bought through a share dealing account, a stocks and shares ISA or a SIPP can fall as well as rise, which could mean getting back less than you originally put in. Past performance is no guarantee of future results.

CFD, share dealing and stocks and shares ISA accounts provided by IG Markets Ltd, spread betting provided by IG Index Ltd. IG is a trading name of IG Markets Ltd (a company registered in England and Wales under number 04008957) and IG Index Ltd (a company registered in England and Wales under number 01190902). Registered address at Cannon Bridge House, 25 Dowgate Hill, London EC4R 2YA. Both IG Markets Ltd (Register number 195355) and IG Index Ltd (Register number 114059) are authorised and regulated by the Financial Conduct Authority.

The information on this site is not directed at residents of the United States, Belgium or any particular country outside the UK and is not intended for distribution to, or use by, any person in any country or jurisdiction where such distribution or use would be contrary to local law or regulation.

© 2003 - 2020

IG | Terms and agreements (UK) | Privacy (UK) | Cookies | Investors | Careers | Marketing partnership

×
×
  • Create New...
us