Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor.
The commission-free stock trading and investing platform said the incident happened “late in the evening of November 3,” adding it’s in the process of notifying affected users.
“Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the Silicon Valley financial company noted.
The malicious third-party is believed to have socially engineered a customer service representative to gain access to internal support systems, using it to obtain the email addresses of five million users, full names for a different group of about two million people, and additional information such as names, dates of birth, and zip codes for a limited set of 310 more users.
Of the latter, at least 10 customers have had their “extensive account details” revealed. However, the company did not provide further specifics about what those “extensive” details were.
But once the breach was reined in, Robinhood said the infiltrator demanded an extortion payment in exchange for the stolen data, prompting the firm to involve law enforcement authorities in the matter. It’s not immediately clear if the ransom demands were met, and if so, how much money was involved.
Robinhood Data Breach
Interestingly, the list of email addresses also includes accounts that have been previously deactivated. According to Robinhood’s terms, this is done so “because regulations require us to preserve certain books and records.”
“We take the security of all collected data extremely seriously, and we don’t intend to use this data for anything beyond the fulfillment of our regulatory requirements,” the company points out on a support page. In the wake of the breach, Robinhood is recommending users to visit Help Center > My Account & Login > Account Security to secure their accounts with two-factor authentication.
What is Robinhood?
According to Wikipedia, Robinhood was founded in April 2013 by Vladimir Tenev and Baiju Bhatt, who had previously built high-frequency trading platforms for financial institutions in New York City. The company’s name comes from its mission to “provide everyone with access to the financial markets, not just the wealthy”. Tenev noted that executing a trade cost brokerages “fractions of a penny” but they typically charged fees of $5 to $10 per trade, as well as required account minimums of $500 to $5,000. Robinhood Markets, Inc. is an American financial services company headquartered in Menlo Park, California, known for pioneering commission-free trades of stocks, exchange-traded funds, and cryptocurrencies via a mobile app introduced in March 2015. Robinhood is a FINRA-regulated broker-dealer, registered with the U.S. Securities and Exchange Commission, and is a member of the Securities Investor Protection Corporation. The company’s revenue comes from three main sources: interest earned on customers’ cash balances, selling order information to high-frequency traders (a practice for which the SEC opened an investigation into the company in September 2020), and margin lending. As of 2021, Robinhood has 31 million users.
Did you find out?
We have started to offer information security & outsourcing services. Learn more HERE.
Do you have a small business? Get a security assessment for free! Contact Us now for more details.
If you find it interesting, you can read:
- Hack Tutorial #1: Free Hacking Tools for Ethical Hackers
- Hack Tutorial #2: List of HTTP status codes
- Hack Tutorial #3: Recover, Move or Hack WhatsApp account using WhatsDumpExtractor
- Hack Tutorial #4: List of Common Ports in networking
- Hack Tutorial #5: Free Cyber Security Basics Course
- The 15 biggest data breaches of the 21st century
- Security Guide: Keeping Your Business Safe Online and Offline 2021
- Cybersecurity Statistics for 2021
- Step by Step Tutorial – How To Perform A Network Security Vulnerability Assessment
- Vulnerability Management Process: Scanning, Prioritizing, and Remediating