English
Arabic
French
Spanish
Portuguese
Deutsch
Turkish
Dutch
Italiano
Russian
Romaian
Portuguese (Brazil)
Greek
- Robinhood has given an account of a recent social engineering hack that resulted in the hacker obtaining 5 million emails, among other personal data.
- No financial losses have been experienced so far, and law enforcement has been informed of attempted blackmail by the hacker.
Popular stock and crypto trading app Robinhood is now the latest victim of a recent data hack. Per the company’s announcement on Tuesday, the hacker made off with sensitive customer personal information including 5 million customer emails.
The “data security incident,” as the company announced on Tuesday, happened as a result of social engineering. The term means psychologically manipulating individuals into divulging critical information that is prone to fraudulent use. Most perpetrators pose as corporate executives to obtain privileged information or to steal money. Attackers could also give fake infection warnings or leave malware-infected drives in a building.
Robinhood says the hacker tricked one of its customer support employees into giving out information that propagated the data breach. The incident, which the company discovered on Nov. 3, is described as follows in a blog post:
The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems. At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people and full names for a different group of approximately two million people.
Robinhood and the data breach
The large trove of data, as Robinhood says, did not include highly sensitive personal information such as Social Security numbers and banking information for the majority of the affected customers. However, the hacker stole names, birth dates, and home addresses for about 310 customers. An additional 10 customers had “more extensive account details revealed.”
The blog post did not mention if specific aspects, such as the company’s budding crypto business, were affected. Nonetheless, it reads that “there has been no financial loss to any customers as a result of the incident.”
At some point, the hacker contacted the company demanding payment in exchange for returning the data. Robinhood, however, contacted law enforcement on the same. Customers were advised to consult the “Account Security” menu on their apps to secure their accounts. Additionally, Robinhood is investigating the event alongside Mandiant, a leading cybersecurity firm.
Just a few weeks ago, Robinhood became the first crypto company offering 24/7 customer service. It is likely that as beneficial as this move was to customers, it also gave the hacker opportunity.
Late last year, crypto website hosting company GoDaddy was hit by a socially engineered cyberattack. No funds were lost but several crypto platforms were affected including liquid.com and NiceHash. Research from Stanford University showed that 88 percent of data breach incidents in 2020 were caused by human (employee) errors, such as in social engineering.
Another crypto company recently victimized by hackers is Coinbase. Over 6,000 customers were robbed of their digital assets after criminals bypassed the SMS two-factor authentication.
