Robinhood trading app suffers data breach exposing 7 million users’ information!

Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor.

The commission-free stock trading and investing platform said the incident happened „late in the evening of November 3,” adding it’s in the process of notifying affected users.

„Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the Silicon Valley financial company noted.

The malicious third-party is believed to have socially engineered a customer service representative to gain access to internal support systems, using it to obtain the email addresses of five million users, full names for a different group of about two million people, and additional information such as names, dates of birth, and zip codes for a limited set of 310 more users.

Of the latter, at least 10 customers have had their „extensive account details” revealed. However, the company did not provide further specifics about what those „extensive” details were.

But once the breach was reined in, Robinhood said the infiltrator demanded an extortion payment in exchange for the stolen data, prompting the firm to involve law enforcement authorities in the matter. It’s not immediately clear if the ransom demands were met, and if so, how much money was involved.

Interestingly, the list of email addresses also includes accounts that have been previously deactivated. According to Robinhood’s terms, this is done so „because regulations require us to preserve certain books and records.”

„We take the security of all collected data extremely seriously, and we don’t intend to use this data for anything beyond the fulfillment of our regulatory requirements,” the company points out in a support page. In the wake of the breach, Robinhood is recommending users to visit Help Center > My Account & Login > Account Security to secure their accounts with two-factor authentication.

Podziel się postem :)

Share on facebook
Share on linkedin
Share on twitter
Share on email

Najnowsze:

Bezpieczeństwo

Twój smartfon był szpiegowany? MVT pozwoli to sprawdzić!

Serwis Computerworld przypomniał o aplikacji Mobile Verification Toolkit (MVT), która została opracowana przez Amnesty International, organizację zajmującą się wszelkimi naruszeniami praw człowieka. Aplikacja w formie

Bezpieczeństwo

FluBot powrócił. Malware infekuje smartfony z Androidem

CERT Polska informuje o powrocie szkodliwego oprogramowania znanego jako FluBot. Podobnie jak w poprzednich kampaniach, na jego działanie narażeni są użytkownicy urządzeń z systemem Android.

Dodaj komentarz

Twój adres e-mail nie zostanie opublikowany.