Robinhood Hacked, Details of 7 Million Investors Stolen; Robinhood says a hacker who tried to extort the company got access to data for 7 million customers. The Robinhood trading platform said on Monday that the personal information of more than 7 million customers was accessed during a data breach on November 3.
The company said in a press release that it does not appear that social security numbers, bank account numbers, or debit card numbers have been exposed and that no customers have suffered “financial loss. “because of the incident.
According to goodwordnews, An unauthorized third party “socially engineered a customer support employee over the phone,” Robinhood said and was able to gain access to its customer support systems.
The attacker was able to obtain a list of email addresses for around 5 million people and the full names of a separate group of 2 million people.
Robinhood Hacked, Details of 7 Million Investors Stolen
For a smaller group of about 310 people, additional personal information, including names, dates of birth, and zip codes, was exposed, and for about 10 customers, “more detailed account details” were revealed.
The company did not provide additional information on these “extensive” details, but a spokesperson said in response to a question from The edge that even for these 10 clients, “we believe that no social security number, bank account number, or debit card number was exposed.”
The spokesperson declined to say if any of the customers may have been specifically targeted in the hack, but the company said it was in the process of informing those affected.
“After careful consideration, informing the entire Robinhood community of this incident is now the right thing to do,” Robinhood Security Officer Caleb Sima said in a statement.
Unauthorized Third-Party Demanded Payment
After being able to contain the attack, Robinhood said the unauthorized third party requested an “extortion payment,” and the company notified law enforcement but did not say whether it made any payments. Robinhood brought in outside security firm Mandiant to investigate the incident.
Charles Carmakal, CTO of Mandiant, said in a statement emailed to The edge that he had “recently observed this threatening actor in a limited number of security incidents, and we expect him to continue targeting and extorting other organizations in the coming months.” He did not develop further.
Customers who want to know if their accounts have been affected should visit the Help Center on the company’s website.
Problems Encountered by Robinhood
Robinhood has had a difficult 2021 so far; in January, he halted trading because Redditors helped push up the prices of so-called memes stocks like GameStop and AMC Theaters.
The incidents led to a congressional hearing where CEO Vlad Tenev testified along with Reddit CEO Steve Huffman and trader Keith Gill aka RoaringKitty.
The company began trading on the Nasdaq stock exchange in July, with the worst debut in the market among 51 U.S. companies that raised as much or more money as Robinhood, according to data from Bloomberg.
In his S-1 file, Robinhood acknowledged a recent SEC Enforcement Division investigation and that the United States Attorney’s Office for the Northern District of California executed a search warrant for Tenev’s phone.
