U.S. based trading app company, Robinhood Markets, Inc. has confirmed that a data breach resulted in leaked personal information of about seven million customers, which is roughly a third of its user base.
The company said in a blog post that an unauthorized third party had socially engineered a customer support employee by phone on November 3rd and obtained access to certain customer support systems.
Major Breach of Data
The unauthorized party was able to obtain a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.
This included thousands of phone numbers as well, which are of importance to hackers. They use it to send phishing messages and calls to obtain multi-factor authentication codes to gain access to the trading accounts.
The hacker was also able to get additional personal information, including name, date of birth, and zip code of 310 customers, with a subset of approximately 10 customers having more extensive account details revealed.
According to Robinhood, the attack has been contained and no Social Security numbers, bank account numbers, or debit card numbers have been exposed. Also, there has been no financial loss to any customers as a result of the incident.
The company added that after they contained the intrusion, the hacker demanded an extortion payment. Robinhood instead promptly informed the law enforcement and are currently investigating the incident with the help of Mandiant, a leading outside security firm.
Robinhood Acknowledgement
“As a Safety First company, we owe ..
Support the originator by clicking the read the rest link below.
