The popular investment and trading platform Robinhood has been hacked and subjected to an extortion attempt by unknown threat actors who managed to gain access to millions of users’ full names and email addresses.
The trading platform said in a blog post that the security incident took place on Wednesday and that the attack has since been contained. The platform assured investors that nobody had lost any money as a result of the breach.
“Based on our investigation, [...] we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” reads the company’s statement.
According to Robinhood, the attackers “obtained access to certain customer support systems” by socially engineering a customer support employee by phone.
What data was stolen?
The trading platform explained that the unauthorized party acquired a list of about five million email addresses, as well as full names of “a different group of approximately two million people.”
The attackers also gained access to additional personally identifiable information of 310 users, including their names, dates of birth, and ZIP codes. A further 10 Robinhood customers had more extensive account information stolen.
Following the containment of the breach, a ransom payment was demanded by the threat actors. Robinhood said it has promptly informed law enforcement about the breach and continues to investigate the incident with the help of third-party security firm Mandiant.
While most of the stolen user data isn’t deeply sensitive, even email addresses and full names can be used by threat actors against potential victims in multiple ways, including by:
- Carrying out targeted phishing and other social engineering campaigns.
- Spamming five million email addresses.
- Brute-forcing the passwords of the affected Robinhood accounts.
If you have a Robinhood account, we recommend you:
- Visit Robinhood’s Help Center > My Account & Login > Account Security for more information on how to secure your account.
- Change the password of your Robinhood account and enable two-factor authentication (2FA).
- Consider using a password manager to create strong passwords and store them securely.
Also, watch out for potential phishing emails and text messages. Don’t click on anything suspicious or respond to anyone you don’t know.
Update: stolen Robinhood data is now being sold on hacker forum
On November 15, BleepingComputer reported that a hacker forum user named 'pompompurin' said in a forum post that he was selling the stolen information of 7 million Robinhood customers “for at least five figures, which is $10,000 or higher.”
The data put up for sale by the threat actor includes 5 million user emails, as well as a batch of email addresses and full names that belong to another group of 2 million Robinhood investors.
According to BleepingComputer, pompompurin was also responsible for the recent FBI email hack, where tens of thousands of fake email messages were sent from an FBI email address.