Posted on November 10, 2021 at 9:45 AM
Retail broker Robinhood revealed that it recently suffered a security breach that exposed the data of up to 7 million users. According to the broker, the threat actor collected the full names of 2 million users and the email addresses of an additional 5 million of its users.
Also, the bad actor successfully stole the personal details of 310 users, including their zip codes and dates of birth.
However, Robinhood stated that no debit card numbers, bank account numbers, or Social Security numbers were exposed in the attack.
The broker says it has started contacting the affected customers who may be exposed to phishing attacks in the future.
Attack Has Been Mitigated
Robinhood said it has already contained the attack and has prevented the attackers from gaining further access to the platform. After the attack, the threat actors who claimed responsibility for the incident demanded a ransom payment in return for keeping the victims' details private.
However, a Robinhood spokesperson said it was not a ransomware attack, but did not say how the company handled negotiations over the stolen data.
Robinhood, in a blog post, explained that the threat actors were able to steal users' data via social engineering techniques. They obtained access to some customer support systems by tricking a phone support representative.
Other Organizations Could Be Targeted
The broker said it has already notified law enforcement agencies about the breach and has engaged cybersecurity firm Mandiant to investigate the incident.
Mandiant’s Chief Technology Officer, Charles Carmakal, stated that the threat actors could be planning other cyber attacks. The security firm believes that the hackers may target other organizations with the same techniques in the coming months.
Robinhood's Chief Security Officer, Caleb Sima, stated that the firm always puts the safety of its customers first.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” he stated.
He added that the company decided to inform the entire Robinhood community about the incident because it’s the right thing to do.
In July, the US Financial Industry Regulatory Authority fined Robinhood $70 million for causing "significant harm" to millions of customers. According to the regulator, systemic failures at Robinhood affected its customers' investments. The company was also charged with providing misleading information to customers.
Robinhood Asks Customers To Be Cautious
The company has also asked its customers to review their account security settings and understand how their accounts are protected. Customers have been advised to go to the "Account Security" section in the app to find out how Robinhood keeps their accounts safe.
This is not the first time Robinhood has been attacked. Bob Rudis, chief data scientist at Rapid7, stated that Robinhood was attacked last year. He added that once a company has been compromised, threat actors often add it to their list of future targets.
Many threat actors are graduating to ransomware attacks, but some have stayed with large-scale phishing campaigns. They continue to use social engineering techniques to steal information from individuals who are likely to hold significant financial assets.
The personal information retrieved from the accounts of their targets can be used to carry out major phishing campaigns in the future. Sometimes the threat actors hold on to the information and use it later, when the targets may have accumulated more wealth. In other cases, the details are sold to the highest bidder on the darknet. This means that everyone exposed in one attack is a potential target and victim in future attacks.
Customers Asked To Be Very Cautious
Robinhood claims to have 18.9 million clients. This means that nearly a third of its customers were victims of the data breach. The company has asked its clients to be more vigilant and maintain the highest levels of security on their accounts. They have been asked to enable multi-factor authentication (MFA) across all their accounts and all platforms.
Customers should also stop using any service that doesn't support MFA, because such accounts are more vulnerable to attack. Customers have also been advised to freeze their credit whether or not they have been notified about the incident. A credit freeze prevents a scammer from using stolen details to take out a loan in the customer's name.
Also, users have been advised to be careful when responding to unsolicited emails from unfamiliar addresses. Robinhood noted that it has updated its security protocols.