7 million users impacted by Robinhood data breach

Robinhood, a stock trading and investing platform, experienced a data breach on the evening of 3 November. According to a notification by the company, the attackers gained access to a limited amount of information for a portion of the platform’s user base.

Roughly five million people’s email addresses were accessed, and another two million users had their full names leaked to the intruder. Additional personal information such as name, date of birth and zip code of roughly 310 customers was exposed, with even more information revealed for 10 of them.

The company is investigating the incident along with Mandiant, an external security firm. Robinhood maintains that no Social Security, bank account or debit card numbers were exposed, and no customers have had a financial loss. The company is working to make the appropriate disclosures to affected people.

Data breach or ransomware attempt?

The attack was carried out by social engineering a customer support employee at the company and obtaining access to specific customer support systems. 

After Robinhood was able to contain the intrusion, the intruders demanded payment to release information. It was at this point that the incident was reported to law enforcement. 

According to Caleb Sima, Robinhood’s Chief Security Officer, “following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.” He also pointed out that “as a Safety First company, we owe it to our customers to be transparent and act with integrity.”

The following user data was leaked in the incident:

  • Email addresses of approximately five million users.
  • Real names of approximately two million users.
  • Name, date of birth and zip code of about 310 users. 
  • Further personal information of roughly 10 users. 

This is the company’s most significant cybersecurity incident to date, with the last scandal taking place in July 2019 when the company admitted to storing some users’ passwords in plaintext.
