The trading platform reported a cyberattack, as a result of which the information on 7 million users of the site was compromised.
In a blog post, the company reported that on the evening of November 3, criminals used telephone and social technology to influence a customer support employee and gain access to a customer support system. As a result, hackers stole the email addresses of approximately 5 million users, as well as the full names of 2 million other users. Identities, names, dates of birth and zip codes were deduced by hackers from 310 clients using social engineering methods. Attackers lured away more complete data from 10 users.
The company says it stopped the cyberattack in time and was able to protect its users’ social security card numbers, bank account numbers and debit card numbers. Robinhood assures that not one client was harmed or incurred financial losses as a result of the cyberattack.
After the security service was able to localize the attack, the hackers contacted the platform’s administration and demanded a ransom for the stolen information. Robinhood refused to pay the ransomware and reported the cyberattack to law enforcement. The Robinhood security team, together with information security company Mandiant, have launched an investigation into the incident.
Robinhood Director of Security Caleb Sima believes that Robinhood should have reported the cyberattack to its clients because it positions itself as a secure trading platform.
“As a security company, we have a responsibility to our customers to be transparent and to act with integrity. After careful review, we made the right decision to bring this incident to the attention of the entire Robinhood community. ”
Data leakage is a real scourge for cryptocurrency companies. A month ago, the popular cryptocurrency service CoinMarketCap admitted leaking email addresses of more than 3 million users. In April, the Hotbit exchange was suspended due to a hacker attack and data leakage of 2 million users. The stolen data are put up for sale on the darknet by hackers. Thus, in May, the data of more than 500 thousand clients of the Turkish exchange BtcTurk were put up for sale.