Robinhood disclosed a security breach, an unidentified threat actor gained unauthorized access to approximately 7 million customer records.
Robinhood Markets, Inc. is an American commission-free stock trading and investing platform, it had 18 million accounts as of March 2021, with over $80 billion in assets. The company disclosed a data breach, a threat actor gained access to the personal information of approximately 7 million customers.
According to the data breach notification published by the company on its website, the security breach took place in the evening of November 3, 2021. The financial organization claims that no financial data either Social Security numbers have been exposed.
“An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers. Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.” reads the announcement published by the company.
The threat actor tricked a customer service representative into providing it access to internal support systems. Once obtained access to these systems, the attacker accessed the email addresses of five million users and full names for a different group of approximately two million people. The attacker also gained access to full names for a different group of about two million people, and additional information such as names, dates of birth, and zip codes for a small group of 310 more users.
The company warns that more extensive account details were exposed for approximately 10 customers.
The attacker also attempted to blackmail the company demanding the payment of the ransomware. Robinhood reported the data breach to law enforcement.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood Chief Security Officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
“If you are a customer looking for information on how to keep your account secure, please visit Help Center > My Account & Login > Account Security. When in doubt, log in to view messages from Robinhood—we’ll never include a link to access your account in a security alert.” concludes the announcement.
(SecurityAffairs – hacking, Robinhood)