#Warning #Wealthica #BudgetingApps #NetworthTracker
Hey everyone! 😱 I had a scary experience with Wealthica that I wanted to share with you all.
So, I decided to give Wealthica a try to track my net worth and budget, and within 2 days, someone tried to drain my accounts. 😳 Here’s what happened and what I learned:
– Connected all my accounts to Wealthica, including TD, WS, QT
– Received texts/emails about unauthorized activity on my TD accounts
– Had to go to the branch, deal with fraud team, and get new cards/accounts set up
– Deleted my Wealthica account immediately
Lesson learned: Be cautious when using budgeting and net worth tracking apps! 👀
Possible solutions:
– Consider using Google Sheets for manual tracking
– Enable additional security measures like 2FA and authenticator apps
– Regularly monitor your accounts for any suspicious activity
Has anyone else had a similar experience or have advice to share? Let’s help each other stay safe! 💪 #StaySafe #Cybersecurity #PersonalFinance
I assume you have changed all your passwords now?
Thanks for sharing.
When you say “connected all your accounts”, what exactly does that mean?
Is it like Flinks, where you literally give them your credentials to log in (which they *promise* will be safe, while at the same time explicitly say they are not responsible if something *does* happen)?
Or is it more like when I connect an account in Tangerine, where I just give the transit and account numbers, and they send a couple random tiny deposits and I tell them what they sent to prove I have control of the account?
Or something else?
The Tangerine method seems to be the only safe way since we do not have open banking in Canada yet. I’ve so far avoided anything like the Flinks model, as sooner or later something like you described was bound to happen to somebody.
You seem unsure if it was wealthica even in your own post. this could actually be coincidence as you said, only one account was compromised. Wealthica also has 2fa so I presume you have it set up using the with app as well?
Why is it not possible the breach with TD? They are by far the least secure service you’re using and the issue appears isolated.
I would just caution slamming a service without a bit more info. Most networth online services are read only api with sophisticated security protocols and encryption.
have you contacted wealthica?
Until we get public and officially supported OAuth2 APIs for consumer use from our institutions it’s manual transaction exports for me. It is against your cardholder agreement and online access terms of service to provide your credentials to Plaid, YNAB, etc. Banks can use this breach of terms as a reason to **deny** a future fraud claim if it relates to online access. It is not worth it.
Edit: Proof and example from CIBC:
[https://www.cibc.com/en/privacy-security/protect-yourself-3rd-party-apps.html](https://www.cibc.com/en/privacy-security/protect-yourself-3rd-party-apps.html)
“Please be aware that CIBC will not be responsible for any harm that may result from sharing your online banking credentials with third parties as this is a breach of your electronic access agreement.”
I’ve used Wealthica for numerous years. Never an issue.
i love Wealthica. using it for years with no issue. I have full trust in them with my logins. Super convenient wealth tracker. Cheaper than paying an advisor
Do you have 2fa with TD?