Hacker News new | past | comments | ask | show | jobs | submit login
Former employee downloaded Cash App account info of 8.2M users (SEC Form 8k) (sec.gov)
61 points by resalisbury on April 15, 2022 | hide | past | favorite | 11 comments

Several unclear things:

First, the filing only mentions that they are contacting 8.2 million customers. It doesn’t confirm that those customers definitely had their data accessed. So it’d be interesting to know what their level of confidence/precaution is there.

> The information in the reports included full name and brokerage account number (this is the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some customers also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.

The “some customers” is doing heavy lifting here. If that’s 10%, that’d be enormously damaging, particularly if we’re talking about millions of customers. That information is potentially very dangerous in the wrong hands

Why is trading history and balances "very dangerous in the wrong hands"?

Cash App (Square / Block) is basically a Dumpster fire. Their management team is horrible and they utterly hate their customers. Run, don't walk, away from this application if you can avoid using it.

Use one of the other terrible options instead, e.g. Venmo.

Does anyone know why American banking sucks so much there are a myriad of apps trying to sidestep it? Over here in the EU, we have neobanks which are app-only, have great features for their price(often with a free tier), which has forced old traditional banks to innovate and get close to their level. What stops the US banking market from evolving?

The US has tons of online-only/app only banks too with free accounts.

Try sending someone money in the US.

I tried Venmo for a short time, and I think their dumpster is on fire too.

Just get a real deposit account that supports Zelle.

it was very limited

The reports did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information. They also did not include any security code, access code, or password used to access Cash App accounts. Other Cash App products and features (other than stock activity) and customers outside of the United States were not impacted.

It was full names, brokerage numbers, and some account balances with trading activity.

It's a financial sales list, which is incredibly valuable. If you don't agree, then watch the movie Glengarry Glen Ross.

One could make billions furtively if they could.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact