Dark Web News Analysis
Dark web sources report a significant potential data breach involving eToro, a leading social trading and multi-asset investment company. A threat actor on a hacker forum is offering a database containing 87,000 lines of client information for the price of $1,200 USD.
The compromised dataset is highly actionable for financial fraudsters. It reportedly includes Full Names, Email Addresses, Countries, IP Addresses, Deposit Amounts, and the specific Deposit Platforms used. While this does not appear to be a full database dump of eToro’s millions of users, the presence of specific financial figures (deposit amounts) suggests this list may have been exfiltrated from a third-party payment processor or a specific marketing campaign database.
Key Cybersecurity Insights
Investment platforms are “high-yield” targets for cybercriminals because their users are known to have disposable income and active financial accounts:
- “Whaling” (High-Value Targeting): The most dangerous field in this leak is the Deposit Amount. Attackers can sort the list to find the “Whales”—users with high deposit volumes. These individuals will be targeted with sophisticated Spear-Phishing or Vishing (Voice Phishing) attacks that low-value targets would not receive.
- “Recovery” Scams: Scammers often target victims of trading platforms with “Recovery Services.” Knowing a user has an account and potentially how much they deposited, the attacker can call claiming to be from eToro’s fraud department: “We noticed unauthorized activity on your $5,000 deposit. Please move your funds to this ‘secure wallet’ immediately.”
- Platform-Specific Phishing: The leak includes the Deposit Platform (e.g., PayPal, Skrill, Bank Transfer). This allows attackers to craft context-perfect emails: “Your deposit via PayPal has been flagged. Click here to verify.” Because the email matches the user’s actual behavior, the success rate is high.
- Credential Stuffing: Traders often reuse passwords. Attackers will take the Emails from this list and test them against other financial services (Coinbase, Binance) to see if they can access other crypto assets.
Mitigation Strategies
To protect investment portfolios and digital identities, the following strategies are recommended:
- 2FA Enforcement: eToro users should verify that Two-Factor Authentication (2FA) is active on their account, preferably using an Authenticator App rather than SMS.
- Credential Rotation: Users should immediately change their eToro password and ensure it is unique.
- Communication Protocol: Be aware that eToro support will never contact you via WhatsApp or Telegram to ask for fund transfers or passwords.
- Phishing Defense: Treat any email claiming a “problem with your deposit” with extreme suspicion. Log in directly to the eToro app to check notifications rather than clicking email links.
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com