20 September 2023
Escalation of an old security incident (UPDATED)
September 25, 2023
After additional analysis, we want to provide more detailed information about the most recent escalation of the old security incident, dated April 2020, to ensure complete transparency. Please note that only those PeerBerry clients registered before April 2020 are affected by the incident covered in this announcement.
On Wednesday evening, September 20, we detected attempts to compromise PeerBerry with an old security incident presenting it as a new one, which is misleading information – there have been no new security incidents on the PeerBerry platform since April 2020. Our initial check confirmed that the information cybercriminals distributed coincided with the old data leak. On the evening of September 20, we published the corresponding announcement to inform our investors about this escalation (see information below, posted on September 20).
We remind you that leaked data, dated April 2020, was first available on the darknet at the end of November 2022. That time, on one of the hackers’ forums, cybercriminals published these leaked data: PeerBerry ID number, name and surname, email, date of birth, available phone numbers, address details, registration IP, and the last login IP. In the first version of the published data, there were no investors’ bank account numbers and personal IDs, and passwords remained safely encrypted. We immediately informed the investor community and the personal data protection authority in PeerBerry’s jurisdiction about this incident, and, to ensure higher protection, we forced a reset of passwords for all clients registered till April 2020
This time, cybercriminals used the opportunity of the same data leak case, dated April 2020, adding more data to the previously disclosed data, such as customer personal codes/IDs, bank account numbers, and information about operations (deposits, withdrawals, investments in loans).
Since the recently escalated security incident includes a database leaked on the same day as the old incident, dated April 2020, the incident remains qualified as an old incident, which we have already reported to the responsible personal data protection authority. Responding responsibly, we once again informed the data protection authority about the escalation of the incident and the additional disclosed data.
We assure you that we carry out regular updates to protect our system and our client’s data, and no new security incidents have been detected after the data leak in April 2020. Additionally, with the help of our external cyber security partners, we perform regular security checks of our systems.
If you have any questions or concerns, do not hesitate to contact our Client Support.
—
Public manipulation with an old security incident
September 20, 2023
Today, in one of the social networks, we detected the manipulation with an old security incident dated April 2020. Cybercriminals publicly announce a new security incident on the platform (data leakage) to harm PeerBerry’s reputation.
We responsibly state that there was no new data leak on the platform. Our IT and cyber security partners checked the data distributed by hackers; their date coincides with an old incident (April 2020), about which we informed the investor community and the data protection authority in PeerBerry’s jurisdiction.
Please stay cautious and critically assess publicly distributed information. For any questions or doubts, please get in touch with our Client Support.
Also, we remind you to regularly change your passwords and the importance of using 2FA to ensure higher data protection. You are always welcome to contact us if our assistance is needed.
Your PeerBerry team
