Robinhood data breach exposed 7 million customers2021-11-09 18:28 by Daniela
Tags: Robinhood, hackers, security breach
Online stock trading platform Robinhood has confirmed it was hacked last week. The incident occurred on Nov. 3, when a hacker called a Robinhood customer support employee and used social engineering tricks to dupe them into giving up access to certain customer support systems.
The largest part of the breach leaked email addresses for about 5 million customers, according to the company's press release, with full names being leaked for a separate 2 million customers. That same press release indicated that 310 people may have names, dates of birth and ZIP codes leaked, and "more extensive account details" for roughly 10 customers. No Social Security, bank account or debit card information is believed to have been exposed. The company says it's in the process of contacting the people affected by the breach.
After it was able to contain the attack, Robinhood said the unauthorized third party sought an "extortion payment," and the company notified law enforcement but did not say whether it had made any payments. Robinhood enlisted the help of outside security firm Mandiant as it investigates the incident. Charles Carmakal, CTO of Mandiant, said in a statement emailed to The Verge that it had "recently observed this threat actor in a limited number of security incidents, and we expect they will continue to target and extort other organizations over the next several months."
In the meantime, the company recommends that users beware of email phishing scams that could impersonate Robinhood or other companies. But more importantly, you should use two-factor authentication and chat only with verified profiles on social networks.
Read more -here-