Robinhood Hacked, Affects Information of 7 Million People

Personal information of Robinhood customers, such as names, email addresses and, in some cases, dates of birth and zip codes, was exposed.

The Robinhood stock trading platform disclosed a data breach after its systems were hacked and a threat actor gained access to the personal information of around 7 million clients.

The attack occurred on November 3 after a threat actor called a customer support employee and used social engineering to gain access to customer support systems.

After logging into the support systems, the threat actor was able to access customer information, including full names, email addresses and, for a limited number of people, dates of birth and zip codes.

“At this time, we know that the unauthorized party has obtained a list of email addresses of about five million people and the full names of a different group of about two million people,” revealed a blog post published today about the security incident.

“We also believe that for a more limited number of people, about 310 in total, additional personal information was exposed, including name, date of birth, and zip code, with a subset of about 10 customers having more extensive account details revealed.”

After learning of the attack and securing its systems, Robinhood also received an extortion demand. Although Robinhood did not provide any details about the demand, the threat was likely that the stolen data would be leaked if a Bitcoin ransom was not paid.

Robinhood says it is continuing to investigate the incident with the help of Mandiant, a well-known cybersecurity company commonly engaged for incident response after attacks.

“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Caleb Sima, Robinhood’s Chief Security Officer. “After diligent review, informing the entire Robinhood community of this incident is now the right thing to do.”

In 2019, Robinhood advised users to reset their passwords after the passwords were found to be stored on its systems in a human-readable format, also known as plain text.

Although Robinhood did not detect any unauthorized access to these passwords, storing them in plain text could have allowed employees to view customer passwords.

In this latest incident, passwords were not exposed and there seems to be no reason to change them. However, since the attacker had access to internal systems, it would not hurt to change your password as a precaution.

BleepingComputer has contacted Robinhood and will update the story if more details become available.
