Robinhood, a company that provides financial services such as commission-free trading of stocks and exchange-traded funds and cryptocurrencies, said the company has fallen victim to a data breach.
Robinhood made a name for itself mainly by providing stock trading services to regular consumers and rose to prominence early this year when it was at the center of a short squeeze dispute. The company just admitted that it was the victim of a security breach, informing users that some of their data had been compromised.
The company announced that unknown third parties accessed its systems and stole some users' personal data. Robinhood was adamant that no Social Security numbers, bank account numbers, or debit card numbers had been leaked and said its customers suffered no financial loss.
While the fact that Robinhood was the victim of a security breach is relevant, the method hackers used to compromise their systems is a lot more critical. Penetrating a security layer or taking advantage of vulnerabilities might be possible, but criminals have a much easier time going after employees or contractors who already have access to the targeted company.
"The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems," stated the company.
"The unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed,' the company added.
Even after Robinhood contained the intrusion, criminals tried to extort the company by threatening to release the stolen data.
Please keep in mind that the leaked emails addresses and full names could eventually land in the hands of other criminals, who will try to use them in phishing schemes and various types of fraud.
• Beware of any emails or other types of messages seemingly from Robinhood
• Never share your personal information online if asked through emails or messages.
• Contact the company directly via its website or official app
• Change your password and enable multi-factor authentication for all your accounts.
Check if your personal info has been stolen or made public on the internet with Bitdefender's Digital Identity Protection tool. You can actively monitor your digital footprint and benefit from ongoing breach monitoring for five email addresses with instant alerts for new breaches and privacy threats.