[TheRecord] Robinhood discloses security breach and extortion attempt

Stock trading and investing app Robinhood said that hackers breached the account of a customer support employee, stole the personal data of millions of users, and then tried to extort the company for a ransom payment once the company detected the intrusion.

The hack took place last Wednesday, November 3, according to emails obtained by The Record that Robinhood sent to customers earlier today.

“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems,” the company also explained in a blog post.

Via this account, Robinhood said the intruder was able to access and collect vast quantities of user data.

Depending on what was stored in the compromised accounts, Robinhood said data collected by the hacker includes details such as:

- email addresses for 5 million users
- real names for 2 million users
- name, date of birth, and zip code for ~310 users
- extensive personal data for ~10 users

Robinhood said that once it detected the intrusion last week, it worked with security firm Mandiant to secure its servers.

Once this happened, the hacker asked the company for a ransom payment not to disclose the breach.

Robinhood said it notified law enforcement instead.

This is the company’s biggest security incident to date. While the company admitted to small batches of user accounts getting hacked once in a while, it never had a breach of this size reported before.

Prior to today’s event, the biggest Robinhood security scandal took place in July 2019, when the service admitted to storing some users’ passwords in plaintext.

The post Robinhood discloses security breach and extortion attempt appeared first on The Record by Recorded Future.
