Hacker Hits Robinhood to Steal Email Addresses From 5 Million Users
Stock and cryptocurrency trading app Robinhood is reporting
a data breach that exposed email addresses for 5 million users and full names
for another 2 million.
The incident occurred on Nov. 3, when a hacker called a
Robinhood customer support employee and used social engineering tricks to dupe
them into giving up access to certain customer support systems.
“Based on our investigation, the attack has been contained
and we believe that no Social Security numbers, bank account numbers, or debit
card numbers were exposed and that there has been no financial loss to any
customers as a result of the incident,” the company wrote in a blog post on
Monday.
Instead, Robinhood has only uncovered evidence that the
hacker “obtained a list of email addresses for approximately five million
people, and full names for a different group of approximately two million
people.
“We also believe that for a more limited number of people
—approximately 310 in total— additional personal information, including name,
date of birth, and ZIP code, was exposed, with a subset of approximately 10
customers having more extensive account details revealed,” Robinhood said,
without elaborating.
The hacker also issued an extortion demand to Robinhood;
it's unclear if the company paid up. But Robinhood has since notified law
enforcement and hired security firm Mandiant to investigate the incident.
In addition, the company plans on notifying all affected
users about the breach. The email from the Robinhood is apparently warning
users to be on guard against phishing attacks that’ll try to impersonate the
company in an effort to hijack access to a user’s account.
“If you are a customer looking for information on how to
keep your account secure, please visit Help Center > My Account & Login
> Account Security,” the company added. “When in doubt, log in to view
messages from Robinhood —we’ll never include a link to access your account in a
security alert.”
Comments
Post a Comment