Robinhood hit by data breach exposing emails, names of 7M users
Friday, 31 Tir 1401
Robinhood is contacting the subset of users most affected by the breach with steps to secure their account, but for everyone else, the company suggests checking its Account Security support page for ways to increase your account security. Robinhood also said a much smaller group of about 310 people had much more information exposed – including names, dates of birth, and US zip codes. Robinhood also said that it notified law enforcement and is working with outside security firm Mandiant to continue investigating the breach.
This post was originally published on November 9, 2021 and was updated November 17, 2021 with new information.
Instead of complying with what it called “extortion”, Robinhood said it had notified law-enforcement authorities and hired an external cyber-security firm to help deal with the incident. On Monday, Robinhood recommended customers visit its Help Center, navigate to My Account & Login and check Account Security for more details on how to protect their personal data. Robinhood’s webpage on security best practices suggests people enable two-factor authentication, use a strong password stored in a password manager and use device monitoring to check for fraudulent activity. Whatever security controls were lacking that allowed a hacker to trick a Robinhood customer service representative into granting them access to an internal system are a likely focus for its investigation. Still, it’s possible hackers could launch phishing scams and email-based malware attacks using that information, so brush up on how to spot online scams and make sure you’re protecting your devices with reliable anti-malware apps. Since passwords and financial information were unaffected, it is unlikely your bank or other accounts and apps were directly compromised even if someone lifted your email address or full name.
According to Robinhood’s internal investigation, the breach compromised the email addresses for at least five million accounts and the full names of an additional two million users. Of the compromised accounts, at least 310 also had their zip codes and date of birth information accessed, and 10 users had “extensive account details revealed,” though Robinhood had not disclosed what additional information was compromised. After it was able to contain the attack, Robinhood said the unauthorized third party sought an “extortion payment,” and the company notified law enforcement but did not say whether it had made any payments.
Days later, the company published an updated blog post on Nov. 16 alerting users that over 4,400 phone numbers were also stolen. Phone numbers were not included in Robinhood’s original data breach disclosure, and their presence in the stolen data makes this a more severe hack than originally assumed. Hackers can use phone numbers to send SMS phishing scams and malware-laced files, or to acquire additional user data via social engineering for account hijacking, SIM Swap attacks, and identity theft.
Late in the evening of November 3, we experienced a data security incident. An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers.
We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze. We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident.
Trading platform Robinhood said Monday that personal information for more than 7 million customers was accessed during a data breach on November 3rd. The company said in a news release that it does not appear that Social Security numbers, bank account numbers, or debit card numbers were exposed, and no customers have had “financial loss” due to the incident.
A then-teenage hacker used social engineering techniques to trick some of Twitter’s employees into thinking the hacker was an employee, allowing the hacker access to an internal Twitter “admin” tool, which he used to hijack high-profile accounts and spread a cryptocurrency scam. In its aftermath, Twitter rolled out security keys to its staff to toughen its defenses and prevent these kinds of attacks from working in the future.
Popular stock trading app Robinhood recently experienced a security breach that exposed the personal information of millions of users. While most Robinhood users—and their investments—are apparently safe, a follow-up investigation revealed more information was stolen than originally thought, and users need to take steps to keep their accounts and personal data secure. Trading app Robinhood said in a blog post Monday that millions of its customers’ personal information was exposed in a data breach last week.
Robinhood’s security team successfully secured the compromised database, but the lone hacker then demanded an extortion payment. Robinhood reported the attack to the authorities and to the third-party cybersecurity firm Mandiant instead of complying with the hacker’s demands.
For the vast majority of affected customers, the only information obtained was an email address or a full name. For 310 people, the information taken included their name, date of birth, and ZIP code. Of those, 10 customers had “more extensive account details revealed,” Robinhood said in a statement.
Robinhood enlisted the help of outside security firm Mandiant as it investigates the incident. Charles Carmakal, CTO of Mandiant, said in a statement emailed to The Verge that it had “recently observed this threat actor in a limited number of security incidents, and we expect they will continue to target and extort other organizations over the next several months.” He did not elaborate further. The company said in a blog post that a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.
Robinhood hit by data breach exposing users’ emails, names
As mentioned before, hackers can use phone numbers to execute a SIM Swap attack. We have a guide on preventing SIM Swaps here, as well as tips for spotting and responding to them. The breach happened on 3 November through what’s known as “social engineering” – a specifically targeted and convincing scam designed to trick an employee into divulging login details or other sensitive information. Online stock trading platform Robinhood has confirmed it was hacked last week with more than five million customer email addresses and two million customer names taken, as well as a much smaller set of more specific customer data.
Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident. The data breach occurred last Wednesday after hackers tricked a customer support employee by phone into giving them access to “certain customer support systems,” according to the post. NEW YORK (AP) — Popular investing app Robinhood said Monday that it suffered a security breach last week where hackers accessed some personal information for roughly 7 million users and demanded a ransom payment.