Stock trading platform Robinhood was hit after its system washackerA data breach was disclosed after the attack, in which a threat actor gained access to the personal information of approximately 7 million customers.
The attack occurred on November 3, with attackers calling customer support employees and using social engineering to gain access to customer support systems.
After gaining access to the support system, the threat actors were able to access customer information, including full names, email addresses, and a limited number of persons, birth data, and postal codes.
"At this time, we learned that an unauthorized party obtained a list of email addresses for approximately 5 million people, as well as the full names of a diverse group of approximately 2 million people," a blog post published today about the security incident revealed.
"We also believe that for a small number of people - approximately 310 people in total - additional personal information, including names, dates of birth and postal codes, was exposed, and that a subset of approximately 10 customers had wider account details exposed. "
In summary, the data breach exposed:
5 million customer email addresses.
The full name is 2 million.
Names, dates of birth and zip codes of 300 people.
Wider account information for 10 people.
The company said it does not believe any Social Security numbers, bank account numbers or debit card numbers were exposed in the attack.
RobinHood also received ransom demands after learning of the attack and securing their systems. While Robinhood did not provide any details about the ransom demand, the stolen data could be exposed if the Bitcoin ransom is not paid.
RobinHood said they will continue to investigate the incident with the help of Mandiant, a well-knowncyber securityCompanies, often used to perform incident response after an attack.
Robinhood chief security officer “As a safety-first company, we have a duty of transparency and integrity to our customers,” Caleb Sima said. “After careful review, bringing this incident to the attention of the entire Robinhood community is the right thing to do now.”
Original article, author: Chief Security Officer, if reprinted, please indicate the source: https://cncso.com/en/robinhood-reveals-data-breach-affecting-7-million-customers.html
