More than five million user email addresses and two million customer names were stolen as trading platform Robinhood experienced a massive data breach. According to the online platform, a smaller collection of more detailed customer data was also compromised, which acknowledged the attack in the past weeks. To get access to customer support systems, a hostile hacker called a customer care agent last November 3 and used social engineering to penetrate the system. The hacker was able to access customer names and email addresses and the different complete names, dates of birth, and ZIP codes of 310 clients.
If you learned that adversaries got hold of the data you are protecting, may it be customer, proprietary, or other sensitive information, you should contact LIFARS immediately. When dealing with data breaches, time is of the essence and the initial 24 hours after the discovery are critical. LIFARS handles data breaches with military precision and ensures that root cause is found, eliminated, and detailed forensics are performed to discover all compromised information.
What Happened During the Attack
It took more than a few days for Robinhood to announce to the public that they experienced a massive data breach. Nevertheless, the company emphasized that, based on its research, the assault was not as widespread as some of the other significant cyber breaches that have occurred in the past. A total of ten users had their more complete account data exposed. Robinhood did not specify what information was compromised. In contrast, it did not reveal any Social Security numbers, bank account details, or debit card numbers, and there was no immediate financial damage to clients as a result.
According to the report, the incident occurred when an unauthorized individual “socially engineered” a customer service representative over the phone and gained access to specific customer support systems. More than seven million accounts were compromised in the cyber assault, accounting for almost one-third of Robinhood users. Following the recent event, the following pieces of information have been made public:
- A total of around five million email addresses are available.
- You gave a separate set of two million individuals their full names.
- In addition to their names, dates of birth, and zip codes being compromised, about 310 persons had other personal information.
- Ten clients had more detailed account information provided
Following the incident, Robinhood said that the hackers wanted an extortion payment from the company. Law enforcement was notified “immediately” by the corporation. Robinhood, on the other hand, never said whether it cooperated with the payment requests.
Despite what you would anticipate, the data hack itself wasn’t very sophisticated. Luckily, it did not compromise Robinhood’s security since the hackers used social engineering to enter the system. Moreover, because the unauthorized individual pretended to be a Robinhood customer care representative over the phone, they still gained access to the Robinhood customer support systems.
Growth Of Robinhood and Controversies Faced
Robinhood has seen remarkable growth in recent years due to its ground-breaking concept. It enables anybody to trade stocks and cryptocurrencies straight from their mobile device. Market monitoring does not need the purchase of expensive equipment, and you may trade from anywhere in the globe as long as you have an active internet connection to do so. Another factor that contributes to the popularity of this concept is its affordability. All trades made via Robinhood are entirely free for the user. Because Robinhood generates its money in other ways, users will not be required to pay a commission to the firm.
According to the most recent available data, the tremendous growth in popularity that followed was unsurprising, with Robinhood reaching over 31 million members by June 2021. For hackers, it is precisely this kind of reach that makes a firm like Robinhood so enticing. Robinhood seeks to provide ‘ordinary people with access to the stock market across the different states. In July 2021, it became a publicly traded corporation.
However, in contrast to the growing user and popularity, the company recently announced that it had suffered a significant data breach that enabled attackers to collect personal information from 7 million Robinhood accounts. That makes the recent incident not the first time Robinhood has been the victim or experienced a massive data security breach. According to a report published in 2019, the corporation has saved many of its users’ passwords in plaintext rather than encrypting them.
Likewise, a trading outage occurred on the business’s platform in March 2020, during which trading was momentarily inaccessible. The company said that the disruption was caused by stress on its infrastructure, which could not keep up with the enormous amount of traffic. There was a “thundering herd” effect resulting from this, resulting in its DNS system breakdown.
In the past, Robinhood has issued recommendations for clients on keeping their accounts safe. The company has said that it automatically protects all of its accounts using Trusted Devices, such as two-factor authentication, when signing up for an account (2FA). As recently as July 2021, the firm said its most excellent defense was provided by “educated, cautious consumers.”
How To Protect Yourself If You Are Included In The Compromised List
As you are waiting for Robinhood to determine whether you’re one of the 7 million users affected by the data breach, you may take measures to guarantee that your account is protected. Do not be too lenient and vigilant even if the hackers were unable to access your account, and they did not steal any passwords. It would be best if you used a one-time and robust password for all of your accounts, particularly those that handle financial transactions, such as Robinhood. It is also best recommended that you utilize two-factor authentication.
With all the possible cybersecurity threats like the massive data breach experienced by Robinhood, you should be cautious about falling prey to more sophisticated attacks that aim to acquire any of your passwords. Never give out your one-time passwords to anyone, for any reason. Always keep in mind the measures to keep any hackers, data breaches, or information leaks at bay.