Robinhood Trading App Security Breach
Reading Time: 2 minutes

Robinhood trading app security breach leads to exposing 7 million users’ information. Unidentified threat actors managed to gain unauthorized access to the personal information of nearly a third of its user base

Robinhood is an advisory said, “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.”

The incident took place late in the evening of November 3, after which the commission-free stock trading and investing platform started the process of notifying affected users.

The threat actors managed to socially engineer a customer service representative to gain access to internal support systems. This enabled them to obtain the email addresses of five million users, full names for a different group of about two million people. Other additional information they gained access to as names, dates of birth, and zip codes for a limited set of 310 more users.

According to Robinhood, “After we contained the intrusion, the unauthorized party demanded an extortion payment. It promptly informed law enforcement and is continuing to investigate the incident with the help of Mandiant.”

The email addresses also included previously deactivated accounts. Robinhood’s terms suggest it is done since regulations require it to preserve certain books and records.

Robinhood on its support page mentioned, “We take the security of all collected data extremely seriously, and we don’t intend to use this data for anything beyond the fulfillment of our regulatory requirements.”

The investing platform in the wake of the breach has advised its users to visit Help Center > My Account & Login > Account Security to secure their accounts with two-factor authentication.

Related Articles:

Central Depository Services Limited Leaked 44 Million Investors Personal Information Twice
Critical Vulnerabilities in Philips TASY EMR Can Expose Patient Data
U.K. Man Involved in Twitter hacking charged in NY With Cryptocurrency Theft