Robinhood Hack Sees Millions Of Users’ Data Exposed
Robinhood recently announced that its systems had been breached, leaving the data of millions of users exposed. The trading app is one of the most popular for trading stocks and with the advent of meme coins, has become one of the first contact points for new investors looking to get into crypto investing. This has boosted its user base to more than 22 million in 2021, all of whom were left vulnerable in the data breach.
Robinhood Gets Hacked
The attack had taken place on November 3rd, according to Robinhood. The attacker had gained access by calling a customer service rep of the company and somehow gained access to the support systems through the call. Robinhood had caught the breach when it had occurred and had followed up with the appropriate authorities to keep its systems safe. However, the attacker was already able to get a hold of millions of users’ data before the breach could be contained.
The perpetrator had threatened to take action with the data they had acquired. But Robinhood confirmed that it was indeed not a ransomware attack, declining to state if the attacker had had for a ransom and if one had been provided.
About 7 million people in total were compromised in the breach, although to varying degrees. The vast majority of the affected users, about 5 million, had their email addresses compromised. Further 2 million users had their email addresses and full names stolen in the hack. While a smaller portion suffered more extensive data breaches as Robinhood announced that about 310 users had their email addresses, full names breached, in addition to birth dates and ZIP. Ten users saw the attacker take more of their data, but Robinhood did not reveal what data was compromised in their cases.
Implications Of The Hack
After news of the hack broke, Robinhood shares had fallen 3% in extended trading on Monday. This was not a big loss. However, the bigger implications were the effects a hack like this can have on users who had their data stolen.
The company had admitted that about 7 million customers had had their data compromised. This data could be sold on the dark web by the attacker, which could be used to carry out further personal attacks on the users affected in the data breach. Users will need to change their details on the platform to ensure that their accounts stay safe.
Nevertheless, Robinhood has assured users that it has the breach had been contained. No user funds were lost, and no Social Security, bank account, or credit/debit card numbers were exposed in the breach.
Robinhood enlisted the help of security firm Mandiant Inc. to help investigate the data breach. CTO of Mandiant, Charles Carmakal, said that the company had “conducted a thorough investigation to assess the impact” of the breach. Carmakal also revealed that his firm expects the attack to target other organizations, in the same way, going forward.Source