Data breach at fintech firm Figure affects nearly 1 million accounts

Figure Technology Solutions, a blockchain-based fintech player that’s all about lending and trading, just got hit by a sneaky social engineering attack from the notorious ShinyHunters group, exposing personal details like names, emails, phone numbers, addresses, and birthdays for nearly a million accounts—oops, that’s a lot of sensitive data floating around the dark web. This mess started when an employee fell for a classic vishing scam, handing over access that let hackers breach connected systems, and it’s a stark reminder that even blockchain whizzes aren’t immune to human error in the wild world of cyber threats. With ShinyHunters on a rampage hitting everyone from dating apps to big-name brands via phishing portals that mimic legit logins, SMBs and MSPs need to double-down on training staff to spot these tricks and beef up multi-factor authentication setups. Don’t let your business be next—think of this as a wake-up call to audit your SSO and third-party integrations before the bad guys come knocking, because manual workflows won’t cut it against today’s fast-moving attacks. Meanwhile, if you’re running a small shop, tools like automated response systems could help you stay a step ahead without breaking the bank.

Source: https://www.bleepingcomputer.com/news/security/data-breach-at-fintech-firm-figure-affects-nearly-1-million-accounts/