Customers’ Email and Names Were Stolen in a Robinhood Hack

by -
Photo: Justin Sullivan (Getty Images) – It was revealed Monday that a social engineering campaign had compromised the identities and e-mail addresses of millions of users on the trading site. When someone tried to extort popular investing and trading site Robinhood, they obtained millions of email addresses and complete identities from its users.

Blog post published on Monday highlighted the security breach, but assured users that no money had been lost as a consequence of the event.

Personal information belonging to a small percentage of our customers was accessed by a “unauthorized third party,” but the breach had been controlled and “no financial harm to any customers” had been avoided, the business said in a statement.

Apparently a social engineering strategy targeted the customer service representative who was attacked on November 3rd. As a result, the hacker was able to access “certain customer support systems” and get access to the email addresses of nearly 5 million consumers, according to the company’s statement.

According to the blog post, “We also suspect that for a lesser number of people—about 310 in total—additional personal information,” including the name and date of birth and zip code, was disclosed. A subgroup of around 10 users had more complete account details released.

After that, the thief used the stolen data to try to extort the business.

“Social Security numbers, bank account information, or debit card numbers were not compromised in the incident,” a Robinhood official confirmed to Gizmodo.

Casey Becker, the Robinhood corporate communications manager, said, “I can also confirm that we’ve contacted the proper authorities.” Currently, “we don’t have any other information to provide beyond the blog post.”

In addition, Robinhood is partnering with Mandiant, a top cybersecurity company, to examine the situation further.

A link to Robinhood’s Account Security page has been included in a blog post. However, fraudsters may readily turn a stolen email address or identity into a weapon. There are a number of ways hackers might try to get their hands on your personal information, such as by obtaining it via open-source or illegal methods.