• The trading company stated that a hacker gained access to email IDs of 5 million users and full names of 2 million users.
• The unauthorized third party also sought an ‘extortion payment’, following which the company notified the incident to law enforcement.

Trading app Robinhood has announced that personal data of 7 million users was leaked during a security breach on November 3rd. 

A spokesperson stated that information like bank account numbers, social security numbers, or debit card numbers have not been exposed, and none of the users have faced financial losses due to the security breach.  

Robinhood claims that an unauthorized third party socially engineered a customer support executive by phone and gained access to around 5 million email addresses and full names of a separate group of 2 million users. Additional personal information, such as names, dates of birth, and zip codes, were exposed for a smaller group of roughly 310 users.

On a more severe note, the company revealed that extensive account details for about 10 users have been accessed. However, it is yet to confirm the nature of the ‘extensive details’.

Moreover, the firm stated that the unauthorized third party demanded an ‘extortion payment’. The trading platform has alerted law enforcement, but whether it had made any payments to the hackers remains undisclosed. The company has also enlisted the assistance of cyber security firm Mandiant for investigation.

Charles Carmakal, CTO of Mandiant, was quoted saying that the company has recently come across this threat factor in several security incidents and expects that they will continue to extort other similar organizations over the next several months.

Robinhood Chief Security Officer Caleb Sima will reportedly perform a diligent review and focus on notifying the users whose accounts have been affected by the incident. Customers can also raise the query on the help center of the company’s website to know if their accounts were affected.

Source Credits:

https://www.theverge.com/2021/11/8/22770861/robinhood-7-million-customers-hacker-breach-extortion-security