Stock trading platform Robinhood has been hacked by an unauthorized third party that put seven million users at risk, as threat actors obtained personal data from around five million people. Fortunately, Robinhood confirmed that no financial information has been exposed.
The hackers gained access to "certain customer support systems” by socially engineering a customer support employee by phone, obtaining a list of email addresses from five million users, full names from a separate group of two million people, along with a further 310 users having their name, date of birth, and zip code exposed. Robinhood also states that around 10 customers had "more extensive account details revealed."
The popular trading platform claims the cybersecurity attack has now been contained, and has now informed law enforcement and continuing investigations. After the attack, the threat actors also demanded a ransom payment for the stolen information.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood Chief Security Officer Caleb Sima on the post. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
While no bank account details or social security numbers were stolen, having personal data exposed can lead to other forms of cyberattacks. The good news is Robinhood enables two-factor authentication (2FA), which can be set up in the app. Check out how to do 2FA right for more details. With such widespread personal information being exposed, it's also a good idea to change your password.
Robinhood also recommends heading to its "Account Security" page in the app's Help Center, and states to look out for strange messages, as it will "never include a link to access your account in a security alert."