Breach Notification , Incident & Breach Response , Security Operations

Robinhood Reveals Data Breach and Extortion Shakedown

7 Million Customers' Names and Email Addresses Stolen via Social Engineering Attack
Robinhood Reveals Data Breach and Extortion Shakedown

Financial services firm Robinhood Markets says an attacker has gained access to its customer support system, stolen account details for 7 million people and then attempted to extort the company.

See Also: Live Discussion | Securing Business Growth: The Road to 24/7 Threat Detection and Response

Robinhood, which is based in Menlo Park, California, offers commission-free trading of stock, funds and cryptocurrency.

The company, in a Monday blog post, says the attacker tricked a customer support employee over the phone on Wednesday, which led to the attacker gaining "access to certain customer support systems."

The attacker obtained email addresses for 5 million people and full names for a "different group" of 2 million people, Robinhood says.

More personal information and data, meanwhile, were also stolen, albeit for a smaller number of customers. For 310 individuals, this stolen data included their name, birthdate and ZIP code. A group of 10 customers also had "more extensive account details revealed," but Robinhood did not specify the precise information stolen by the attacker.

"Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident," Robinhood says.

Robinhood didn't describe the attacker's extortion demand.

The company says it has alerted law enforcement authorities to the incident and brought in digital forensics firm Mandiant to investigate.

Reached for comment on Monday, Robinhood shared a statement attributed to Mandiant's CTO, Charles Carmakal, saying that his investigators had "recently observed this threat actor in a limited number of security incidents, and we expect they will continue to target and extort other organizations over the next several months."

What is the risk posed to Robinhood customers by this data breach? If the email addresses are publicly exposed or sold, it will leave them at heightened risk of being targeted with phishing emails. Such illicit communications often attempt to trick message recipients into divulging their account credentials, for example, by routing them to a fake look-alike site designed to harvest credentials. Another common phishing tactic is to disguise the message as a legitimate communication that instructs a recipient to open a malicious attachment or visit a malicious site that is designed to infect their system with malware.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.