Main Highlights:
- Robinhood stated in a news release that a data breach compromised the personal information of more than seven million consumers, but no Social Security numbers have been revealed.
- The attacker obtained a list of around 5 million people’s email addresses and the full names of another 2 million people.
- Following the attack’s containment, Robinhood stated that an unauthorized third party requested an “extortion payment.” The business alerted law enforcement but did not specify if it made any payments.
- Robinhood has had a bumpy start to the year; in January, it ceased trading while Redditors assisted in driving up the prices of so-called meme stocks such as GameStop and AMC Theaters.
- According to Bloomberg data, the company began trading on the Nasdaq exchange in July, with the poorest market debut of 51 US companies that raised as much money or more than Robinhood.
The trading platform Robinhood said on Monday that a data breach on November 3rd compromised the personal information of more than seven million consumers. Consumers have reported that they have suffered no “financial damage” due to the breach, which appears to have excluded the disclosure of Social Security numbers, bank account numbers, or debit card details.
According to Robinhood, an unnamed third party acquired access to its customer support systems by impersonating a customer service agent during a phone conversation. The attacker collected approximately 5 million email addresses and the full names of roughly 2 million people. Personal information such as names, dates of birth, and zip codes was made public for a smaller group of approximately 310 people, and more detailed account details were made public for about 10 users.
However, the ten clients’ Social Security numbers were not accessed by the hacker. A spokeswoman for the company said, “we believe that no Social Security numbers, bank account numbers, or debit card information were shared.” The company claims it is working to reach out to those affected, but it is unclear if any consumers were explicitly targeted in the event. Also, no customers have suffered “financial loss” due to the incident.
Notifying the Robinhood community
According to Caleb Sima, Robinhood’s chief security officer, notifying the entire Robinhood community of this occurrence at this time is the proper course of action. Following the successful containment of the attack by Robinhood, an “extortion payment” was sought, and the business alerted law enforcement. Still, it did not disclose if it had given any money to the hackers.
Robinhood has retained the services of an outside security firm to aid in its investigation of the event. Mandiant’s Charles Carmakal, the company’s chief technology officer, said, “we expect to target and extort other organizations over the coming several months.” “We have seen this threat actor in a tiny number of security events recently,” says the researcher. He didn’t go into any further detail about what happened.
Customers who wish to find out if their accounts have been affected should go to the company’s website and look under the assistance tab.
Meme stocks
Redditors were instrumental in driving up the prices of so-called meme stocks such as GameStop and AMC Theaters, and Robinhood halted operations in January. Due to this development, Reddit CEO Steve Huffman and RoaringKitty trader Keith Gill testified before a Congressional committee.
According to the Bloomberg data service statistics, Robinhood had the worst market debut among 51 US companies that raised as much money as or more than Robinhood. Tenev’s phone was searched by the United States Attorney’s Office for the Northern District of California, according to the S-1 document filed by Robinhood. Tenev was charged with securities fraud.