Robinhood, a popular trading app that offers commission-free trades of stocks, exchange-traded funds and cryptocurrencies, suffered a security breach late in the evening of Nov. 3 in which hackers accessed some personal information of roughly 7 million users and then demanded a ransom payment.
“Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the company said in its statement, “Robinhood Announces Data Security Incident.”
The hacker socially engineered a company customer service representative and gained access to internal systems, using that access to obtain the email addresses of five million users, full names for a different group of about two million people, and additional information such as names, dates of birth, and zip codes for a limited set of 310 more users.
In addition, a subset of approximately 10 customers had more extensive account details revealed. However, the company did not provide further specifics about what those “extensive” details were.
After the company contained the intrusion, the hacker demanded an extortion payment, but the company promptly informed law enforcement and is continuing to investigate the incident with the help of Mandiant, a leading outside security firm.
Interestingly, the list of email addresses also includes accounts that had previously been deactivated. According to Robinhood’s terms, this is done “because regulations require us to preserve certain books and records.”
How to secure your Robinhood Account
- Tap the Account (person) icon in the bottom right corner.
- Tap the Menu (three bars) in the top right corner.
- Tap Security and Privacy.
- Under Security, tap Two-Factor Authentication.
- Select Text message (SMS).
- Check your text messages and copy the verification code from Robinhood.