Robinhood has disclosed a data breach affecting millions of users, but what exactly was exposed, and what do customers need to know? The stock-trading service offers users fee-free transactions via its mobile apps. Since launching in 2013, Robinhood has also expanded into cryptocurrencies, allowing users to buy and sell bitcoin, along with other popular digital tokens.

The company has long been known for "gamifying" the trading process, which helped it reach such levels of popularity that it has practically become a byword for online trading. For much of its existence, Robinhood showered users' screens with digital confetti whenever they executed a trade. However, criticism of the app's perceived addictive qualities has since seen the firm take a more conservative approach, removing the confetti and adding more resources for those whose heavy use of the app is potentially unhealthy.

Robinhood says an unidentified hacker gained access to a database containing some customer information on November 3. At the time of writing, the company says "the attack has been contained" and that it has carried out an initial investigation. Robinhood states it does not believe the attacker gained access to users' Social Security numbers, bank account details or debit card numbers. It also claims the hack has not resulted in "financial loss" for any of its customers. However, the hacker did manage to obtain roughly five million email addresses, plus full names for an additional two million Robinhood users. Names, dates of birth, and zip codes for 310 people were also exposed in the breach. For 10 people in that group, additional information was revealed as well.

Hacker Relied On Social Engineering To Gain Access

The firm notes the hacker got into certain systems by using social engineering skills on its customer support staff. Robinhood says the attacker has since demanded an "extortion payment," though the company has not disclosed whether it has paid anything. Robinhood says it has informed law enforcement about the breach and that it is working with data security company Mandiant to probe the hack further.

While Robinhood says there have been no financial losses, it's still essential for users to remain vigilant and practice good security habits. For example, customers should be wary of emails that claim to come from the company and ignore any embedded links. Instead, users should log in to their Robinhood account via the app only and make sure they have two-factor authentication enabled. And of course, this is as good a time as any for users to make sure they're using a password manager so that they're not reusing the same credentials across multiple apps and services.

Source: Robinhood