Robinhood hack exposes data from millions of customers
An attacker socially engineered an employee at the stock-trading platform to gain access to customer support systems
Robinhood has revealed that an unauthorised third party has gained access to millions of customers’ data, adding to the company’s troublesome 2021.
The stock-trading platform said in a blog post that on 3 November a hacker socially engineered a customer support employee by phone and obtained access to certain customer support systems. The company said the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of two million people.
Robinhood added that for around 310 people, personal information such as name, date of birth, and zip code was exposed, with a subset of around 10 customers having more extensive account details revealed, although it did not disclose what these details were.
Following the breach, the unauthorised party demanded an extortion payment, said the company, which informed law enforcement and is continuing to investigate the incident with the help of an outside security firm.
Robinhood is also in the process of making disclosures to those affected but believes that no social security numbers, bank account numbers, or debit card numbers were exposed. There has been no financial loss to any customers as a result of the incident.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood chief security officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
2021 has been a tricky year for Robinhood, which was summoned to a Congressional hearing in February after the company’s app facilitated a January GameStop squeeze. The squeeze was instigated by the subreddit r/WallStreetBets, and the platform decided to halt trading on popular stocks, as reported by The Verge.
In July, the company had the worst debut ever for an IPO of its size, according to Bloomberg. Shares in the broker fell 8.4% below the IPO price in the company’s first trading session, the worst debut among 51 US firms that raised as much cash as Robinhood or more.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.
