Recently, Robinhood, a stock trading platform, revealed that a data breach incident occurred inside their system after threat actors hacked and obtained access to sensitive information of about 7 million users.
The breaching incident was traced back to the 3rd of November. A threat actor contacted a customer support employee and used social engineering techniques to access the customer support system.
After successfully accessing the support system, the hacker was able to gain customer information such as full names, email addresses, date of birth, and zip codes.
According to the stock trading platform, they now know that about 5 million users email addresses were stolen and another 2 million for customers’ full names.
Fortunately, the company believed that bank account numbers, debit card numbers, or Social Security numbers were not exposed or stolen during the breaching incident.
Hackers conducted extortion against RobinHood.
RobinHood has also received extortion messages from the hackers after gaining knowledge about the breaching incident. However, they did not release any details regarding the extortion, but it is more likely a threat of stolen data leakage if the stock trading platform does not pay the Bitcoin ransom.
Today, they are continuing to investigate the breach data incident with the aid of a few cybersecurity agencies.
In addition, the platform stated that they are transparent with their customers, and they wanted to let them know that they are trying their best to mitigate any potential damage in the future.
RobinHood users should take the initiative.
According to RobinHood, every one of the affected customers should be very wary of incoming phishing emails developed to steal credentials.
In addition, users should always check for messages in the stock trading app after logging into their accounts.
RobinHood also wants their customer to request a call directly from their support service by accessing their application’s ‘Contact Us’ mode.
Moreover, they reminded their customers to only interact with legitimate RobinHood employees by visiting the RobinHood social apps.
In case of unwanted emails, RobinHood urges its customers to report any phishing emails or phishing attempts that they will encounter.
Lastly, although passwords were not exposed during the breaching incident, customers are not prohibited from changing their current passwords for safety purposes.
