U.S. equity trading platform Robinhood has released details of a data breach that leaked information about millions of its clients.
A threat actor reportedly gained access to vital systems by calling a Robinhood customer service employee and using social engineering.
Hackers stole information belonging to seven million app users, including five million email addresses, the names of two million people, and the dates of birth and zip codes of up to 300 people.
Robinhood announced that a “security incident” had occurred, but said it does not believe that any social security numbers, account numbers or debit card information were disclosed.
Moreover, there does not appear to have been any financial loss for the users of the company so far. The breach has now been contained, Robinhood said.
In a blog post yesterday, the company commented, “Late on the evening of November 3, we experienced a data security incident. An unauthorized third party has gained access to a limited amount of personal information for some of our customers.
“After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly briefed law enforcement and continue to investigate the incident with the help of Mandiant, a leading external security company.”
Adding to the blog post, Robinhood Safety Officer Caleb Sima said: “As a Safety-First company, we owe it to our customers to be transparent and act with integrity.
“After careful consideration, informing the entire Robinhood community of this incident is now the right thing to do.”
Robinhood suggested that users visit its Help Center for more information and change their passwords.
This is not the first time that Robinhood has been the target of a sophisticated hack on its systems. As recently as October of last year, the company confirmed that a “limited number” of accounts were targeted by criminals, but its services were never officially hacked.
At the time, Bloomberg reported that nearly 2,000 of the company’s customers had their accounts compromised.
The attack also follows a wave of data breaches at large organizations around the world in recent months, which appear to have become more common during the coronavirus pandemic.
Last month, Amazon-owned online streaming platform Twitch suffered a major data breach across its services, including the leak of source code and sensitive information such as user payments and streamer revenue.
According to a claim by an anonymous hacker, 128 GB of data was linked from a 4chan page in an attempt to disrupt the online video streaming space and stimulate “competition”, as the online streaming community is a “disgusting toxic cesspool”.
Commenting on the Robinhood breach, Trevor Morgan, product manager at comforte AG, said social engineering attacks like this are an easy way for hackers to gain access: “Each of us has been exposed (probably very recently) to social engineering tips, whether through electronic calls to click on a link or initiate an attachment or other forms of deceptive communication.
“Robinhood’s own organization has succumbed to this ‘low-tech’ approach to bypassing data protection methods. All it takes is a moment of inattention or gullibility, and the menacing actor applying social engineering techniques is one step closer to the ultimate goal.”
He continued, “We’ve all gotten used to working faster and getting information out as fast as possible, but that’s exactly the vulnerability that social engineering feeds on.
“Failure to take the time to inspect emails, to think through a situation without haste or pressure, or to confirm a request to ensure the legitimacy of the requester is the fatal flaw.”