On November 3rd, Robinhood disclosed that it had suffered a security breach that exposed the data of up to 7 million customers, or roughly a third of its total user base. The bad actor obtained the email addresses of 5 million people and the complete identities of another set of roughly 2 million customers, according to the financial services company. In addition, the hacker gained access to 310 people’s personal information, including their name, date of birth, and zip code. Ten of those 310 customers had their account information revealed in more detail.
The incident did not expose any Social Security numbers, bank account numbers, or debit card numbers, according to Robinhood, but it is still making the necessary disclosures to the affected customers. The company, which allows customers to make commission-free stock and cryptocurrency trades, said it has already contained the attack. After the company cut off the hacker’s access, the attacker demanded payment for the stolen information and threatened to do something with it if they weren’t paid.
A Robinhood spokeswoman told Bloomberg that it wasn’t a ransomware attack, but would not disclose whether the company paid, or how much money changed hands if it did. The company did say, however, that it had notified law enforcement about the intrusion and had hired security firm Mandiant to investigate the matter. According to Bloomberg, Mandiant’s CTO Charles Carmakal believes this is simply the beginning of a series of data breaches. According to the firm, the attacker is planning to target and extort more businesses and organizations in the coming months.
So far in 2021, Robinhood has had a bumpy ride. In January, it paused trading after Redditors helped drive up the price of so-called meme stocks like GameStop and AMC Theaters. The events prompted a congressional hearing, at which CEO Vlad Tenev, Reddit CEO Steve Huffman, and trader Keith Gill, nicknamed RoaringKitty, testified.