Hack Alert: Robinhood exploit leaks personal user details, here’s what happened
The stock and crypto trading giant Robinhood revealed that it recently suffered a data security incident on its platform. In a blog post on its website yesterday, Robinhood informed the community that on the evening of November 3, it experienced a data security incident in which an unauthorized third party obtained access to personal information for a sizeable portion of Robinhood’s customers.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity… Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” said Robinhood’s Chief Security Officer, Caleb Sima.
The company confirmed that it has successfully contained the attack. Even so, Robinhood remains uncertain whether users’ financial details were exposed to the attackers, and it has no absolute proof that rules out financial loss to any customer as a result of the incident. The company noted that they “believe,” based on their investigation, that no such losses occurred during or after the hack, but it is not guaranteeing anything as of now.
Over 7 million Robinhood Users Affected
According to Robinhood’s investigation, the attackers had “socially engineered a customer support employee” via phone and then obtained access to certain customer support systems. Through that access, the hackers got their hands on over 7 million users’ personal details, including email addresses for approximately five million people and full names for a separate group of approximately two million people.
Furthermore, additional personal information for over 300 users, such as their name, date of birth, and zip code, was also leaked, with a subset of approximately 10 customers having more extensive account details revealed. Robinhood noted that it is currently in the process of disclosing information to the affected users.
Additionally, after the incident was contained, the attackers demanded an extortion payment from the platform, and Robinhood has reported this to law enforcement. The company is continuing to investigate the incident with the help of Mandiant, a leading outside security firm.