Robinhood says a hacker who tried to extort the company got access to data for 7 million customers


However, it’s always possible other data was accessed by the hackers that Robinhood’s investigation is yet to uncover. Such ransom demands are not uncommon in cyber-attacks and usually amount to a promise not to sell on the compromised data or leak it for free online. The hackers then demanded a ransom payment, Robinhood said (the company did not respond to Insider’s questions about whether it paid — or plans to pay — the ransom). The company began trading on the Nasdaq exchange in July, with the worst market debut among 51 US firms that raised as much money or more than Robinhood, according to data from Bloomberg. In its S-1 filing, Robinhood acknowledged a recent SEC Enforcement Division inquiry and that the United States Attorney’s Office for the Northern District of California had executed a search warrant for Tenev’s phone.

NEW YORK — Popular investing app Robinhood said Monday that it suffered a security breach last week in which hackers accessed some personal information for roughly 7 million users and demanded a ransom payment. In a blog post, Robinhood explained that an “unauthorized third party” engineered the leak through its customer support systems. Users’ bank account information, Social Security numbers and other financial data do not appear to have been affected. Robinhood said that 10 customers had “more extensive account details revealed.” Robinhood did not say what information specifically, though no Social Security numbers, bank account numbers or debit card numbers were exposed and the breach caused no immediate financial loss to customers. We previously disclosed that, based on our investigation, the unauthorized party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people.

Here’s hoping this Robinhood leak is finally under control, but we’ll be sure to update you if any other data is confirmed stolen. Robinhood said it had rejected a demand for payment and reported the attack.


The app, which allows for low-volume share trading by ordinary people looking to invest, exploded in popularity earlier this year and was widely used by speculative investors behind the GameStop trading frenzy. It affected five million people whose email addresses were compromised and the full names of a further two million. “We owe it to our customers to be transparent and act with integrity,” the company’s security officer, Caleb Sima, said in a published statement. And it does not believe the most sensitive information it gathers – US social security numbers and financial information – was revealed. The company says the breach affected “a limited amount of personal information for a portion of our customers”.


This isn’t even the first data breach for Robinhood, which went public this past summer. In October 2020, hackers gained access to almost 2,000 accounts via users’ email addresses. The company said once it secured its systems the hacker then “demanded an extortion payment.” Robinhood instead notified law enforcement and security firm Mandiant to investigate the breach.


The online trading platform said that it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion. The nonprofit Identity Theft Resource Center said last month that nearly 1,300 incidents had been publicly reported through the end of September 2021, outpacing the 1,108 that were confirmed in all of 2020. If roughly 7 million accounts were compromised, that’s over a third of customers affected. Going forward, cybersecurity expert Brian Krebs tweeted Monday, “it’s safe to expect an uptick in phishing schemes targeting Robinhood users.”

What Was Stolen in the Robinhood Data Breach (and What You Should Do Now) [Updated]

  1. Robinhood also said a much smaller group of about 310 people had much more information exposed – including names, dates of birth, and US zip codes.
  2. We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze.
  3. As mentioned before, hackers can use phone numbers to execute a SIM Swap attack.
  4. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.

At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people. In an official blog post, the company says the attack took place on Nov. 3, when an “unauthorized third party” used social engineering to gain access to a portion of the app’s customer support system.

More than 22 million users have funded accounts at Robinhood, with nearly 19 million actively using theirs during September. Robinhood has had a rocky 2021 so far; in January, it halted trading as Redditors helped push up the prices of so-called meme stocks like GameStop and AMC Theaters. The incidents led to a congressional hearing where CEO Vlad Tenev testified along with Reddit CEO Steve Huffman and trader Keith Gill aka RoaringKitty.

Robinhood has had cyber security troubles before, with hackers targeting its users last year, successfully gaining access to around 2,000 of its customers’ trading accounts. After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm. US share-trading app Robinhood has been hit by a security breach that has exposed the names or email addresses of more than seven million people. “No Social Security numbers, bank account numbers, or debit card numbers were exposed” and “there has been no financial loss to any customers as a result of the incident,” Robinhood said, based on its investigation. “At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,” the post said.

Customers seeking information about whether their accounts were affected should visit the help center on the company’s website.

Robinhood is available only to US users and requires them to be over 18, provide a valid social security number, and a valid US address. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” it said.

An unauthorized third party “socially engineered a customer support employee by phone,” Robinhood said, and was able to access its customer support systems. The attacker was able to get a list of email addresses for approximately 5 million people and full names for a separate group of 2 million people. For a smaller group of about 310 people, additional personal information, including names, dates of birth, and zip codes, was exposed, and for about 10 customers, “more extensive account details” were revealed. The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems.

The popular trading app Robinhood announced Monday that millions of its users had their personal information exposed in a data breach. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” Robinhood chief security officer Caleb Sima said in a statement. And now that we know several thousand phone numbers were also stolen, users should be extra vigilant. Update login info and enable 2FA on any accounts tied to your phone numbers.
