Robinhood data breach involved social engineering attack in which hackers called a customer service staff member and somehow gained access to the support system.
A widely used stock trading app, Robinhood, has confirmed suffering a major data breach “late in the evening of November 3.” According to Robinhood, hackers could access data of 7 million users, which account for almost one-third of its overall user base.
The commission-free investment platform stated that it is currently investigating the incident and notifying impacted users.
It is worth noting that Robinhood also suffered a data breach last year where around 2,000 of its accounts were compromised, and customer accounts were looted. At that time, the trading firm couldn’t respond as proactively to the attack as it has now. It asserts that the attack has been contained and sensitive data is not leaked.
What Happened?
The Menlo Park-based financial platform revealed in an official statement released on Monday that the attacker called a customer service staff member and somehow gained access to the support system using social engineering tactics. However, the company could contain the breach and prevent sensitive information from getting into the wrong hands.
“We believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the company said.
About Exposed Data
Reportedly, the attacker obtained the email addresses of nearly 5 million users and the full names of another 2 million users. Additionally, personal details of 310 were also exposed in the attack which included names, ZIP codes, and birth dates.
After obtaining the information, the attacker threatened the company about the repercussions of this data breach. They demanded ransom payment despite that it wasn’t a ransomware attack. However, Robinhood spokesperson categorically denied paying the attacker.
According to Randy Watkins, CTO at cybersecurity consulting and managed detection and response (MDR) services company CRITICALSTART, “Social Engineering continues to be a key technique for attackers because of its low cost and low risk. In this scenario, attackers took advantage of the employees’ desire to help, gaining access to support systems in the process.”
“Unfortunately, this attack vector has little technical prevention. While some industries require user awareness training, the dry subject nature of the material often creates a “click-and-drool” experience where the end-user absorbs nothing, Randy said.
“However, some security startups are addressing the problem with more engaging and entertaining user awareness training. I applaud Robinhood for the transparency and disclosure of the data breach,” Randy added.
Investigation Underway
Robinhood Inc. has notified law enforcement and Mandiant Inc. to investigate the incident. According to Charles Carmakal, Mandiant’s Chief Technology Officer, Robinhood has conducted a comprehensive investigation to examine the impact of the incident.
Furthermore, Carmakal noted that his company believes the attacker will continue to extort other organizations “over the next several months.”
A Hard Week For Robinhood….
This week has turned out to be somewhat tough for the Silicon Valley firm as its shares fell 3% to $36.84 at around 5:30 p.m. in New York in extended trading and were slightly changed on the year via the close of regular trading.
An interesting fact revealed is that the exposed email addresses include previously deactivated accounts, which Robinhood claims was done because, according to industry regulations, they need to store certain books and records. The company recommends users secure their accounts via 2FA by visiting- Help Center > My Account & Login > Account Security.
