The popular investment app Robinhood announced recently that it experienced a data security breach on November 3, 2021. The incident gave the attackers access to personal information belonging to millions of users on the platform.
The “unauthorized party” gained access to the customer support system via a social engineering technique, Robinhood stated in a blog post.
Although the security threat has been contained according to the investment platform, the attackers had already gained access to a limited amount of customers’ information.
Caleb Sima, Robinhood Chief Security Officer, said:
“As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Seven Million Customers Affected
The investment app, which has multiple cryptocurrencies available on its platform, noted that following its investigations, the hackers successfully obtained email addresses belonging to approximately five million customers. Additionally, another two million users had their full names compromised.
According to Robinhood, approximately 310 customers had more than their names and email addresses revealed, as their zip codes and date of birth were also accessed by the malefactors.
In addition, ten customers had extensive details of their accounts getting compromised in the breach.
Robinhood disclosed that following its investigations, it is certain that the unauthorized party did not gain access to customers’ bank account details, debit, and credit card information. Furthermore, none of its users had experienced any financial loss as a result of the incident.
Hackers Demand Ransom
Moments after the situation was contained, the attackers contacted Robinhood, demanding an undisclosed ransom in exchange for the information.
Instead of meeting their demands, the company said it contacted relevant law enforcement agencies to weigh in on the issue. Robinhood is also working with Mandiant, a leading security firm, as the investigation into the matter continues.
Attacks on Robinhood Not New
Meanwhile, it is worth noting that this is not the first time that Robinhood has been successfully attacked. The commission-free trading app was compromised last year, with almost 2,000 users affected.
Although the attackers gained access to customers’ login details outside of the application, the details were later used to siphon the affected users’ funds out of the platform.