Stock and cryptocurrency trading application Robinhood mentioned Monday that a cyber intruder hacked into the company’s methods past week and snatched the own information of hundreds of thousands of buyers.
The attack took location on November 3, Robinhood reported in a weblog submit. The hacker attained access to specified Robinhood buyer guidance units by impersonating a buyer support agent around the phone—a tactic identified as voice phishing.
The cyber assault afflicted extra than seven million accounts, about a 3rd of Robinhood people. Information exposed incorporate:
- E mail addresses for around five million people
- Entire names for a different team of two million people today
- About 310 folks endured reduction of supplemental individual information, which includes name, day of delivery and zip code
- 10 shoppers experienced “more considerable account specifics revealed.â€
“No social security quantities, lender account quantities, or debit card numbers had been uncovered,†Robinhood stated, adding that no financial decline to any consumers was identified as a end result of the incident.
Robinhood explained it’s in the system of notifying impacted people and encourages buyers to transform on two-factor authentication in their account security setting.
The business stated a ransom payment was demanded following the incident was contained. It has knowledgeable regulation enforcement and employed the outside the house security agency Mandiant to investigate the incident.
In the S-1 filing with the SEC ahead of its IPO, Robinhood observed an enhanced hazard of cybersecurity incidents thanks to remote work through the pandemic. “Due to the present-day COVID-19 pandemic, there is an enhanced possibility that we might knowledge cybersecurity-connected incidents as a result of our employees, support suppliers and other third functions functioning remotely on much less secure systems and environments,†it claimed in the filing. “Controls employed by our information and facts technological innovation office and our consumers and 3rd-party company suppliers, like cloud vendors, could establish insufficient.
