Robinhood Markets, Inc. is an American commission-free stock trading and investing platform, it had 18 million accounts as of March 2021, with over $80 billion in assets. The company disclosed a data breach, a threat actor gained access to the personal information of approximately 7 million customers.
According to the data breach notification published by the company on its website, the security breach took place in the evening of November 3, 2021. The financial organization claims that no financial data either Social Security numbers have been exposed.
“An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers. Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.” reads the announcement published by the company.
The threat actor tricked a customer service representative into providing it access to internal support systems. Once obtained access to these systems, the attacker accessed the email addresses of five million users and full names for a different group of approximately two million people. The attacker also gained access to full names for a different group of about two million people, and additional information such as names, dates of birth, and zip codes for a small group of 310 more users.
The company warns that more extensive account details were exposed for approximately 10 customers.
The attacker also attempted to blackmail the company demanding the payment of the ransomware. Robinhood reported the data breach to law enforcement.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood Chief Security Officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
“If you are a customer looking for information on how to keep your account secure, please visit Help Center > My Account & Login > Account Security. When in doubt, log in to view messages from Robinhood—we’ll never include a link to access your account in a security alert.” concludes the announcement.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Robinhood)
[adrotate banner=”5″]
[adrotate banner=”13″]
Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…
Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…
GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a…
The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on…
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and…
Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams…
This website uses cookies.