Robinhood saw tremendous growth in recent years thanks to its innovative idea that allows anyone to trade stocks and cryptocurrencies directly from their smartphone. You don’t need complicated equipment to monitor markets, and you can trade from anywhere in the world, as long as you have an active internet connection. One other ingredient that makes this idea so successful is the cost. All Robinhood trades are free for the user. You don’t have to pay Robinhood a commission, as the company makes its money elsewhere. The massive increase in popularity that followed wasn’t surprising, with Robinhood reaching over 31 million users as of June 2021. It’s that sort of reach that makes a company like Robinhood so appealing to hackers. And Robinhood just confirmed it suffered a massive data breach that allowed attackers to steal personal information of 7 million Robinhood accounts.
The Robinhood data breach
Robinhood disclosed the hack on Monday, CNN reports. The attack occurred on November 3rd, with the hackers stealing a list of email addresses for about 5 million people and the full names of another group of 2 million people.
Separately, the hackers stole the names, dates of birth, and zip codes of 310 people. About 10 customers had “more extensive account details,” Robinhood said. The trading platform did not explain what that means.
“We believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” the company said.
Robinhood also noted that the hackers demanded an extortion payment after the hack. The company informed law enforcement “promptly.” But Robinhood never said whether it complied with the payment demands or not.
The data breach itself wasn’t as sophisticated as you might expect. Rather than compromising the security of Robinhood, the hackers social-engineered their way into the system. The unauthorized party posed as a customer support employee by phone, and that’s how she or he got access to the Robinhood customer support systems.
What you can do to protect yourself
Robinhood said it’s in the process of making “appropriate disclosures to affected people.” It’s also investigating the matter with the help of security company Mandiant. But it’s unclear what support or services Robinhood will offer impacted buyers. As the data breach disclosure indicates, at least 10 account holders have real reasons to worry about the data breach. And the hackers accessed more information for 310 Robinhood customers.
While you wait for Robinhood to confirm whether you’re one of the 7 million customers in the data breach, you can take steps to ensure you protect your account. The hackers did not get into your account, and they didn’t hack passwords. But you should employ a strong, unique password for all accounts, especially those that handle finances, like Robinhood. You should use two-factor authentication. And you shouldn’t fall for the increasingly sophisticated attacks that attempt to steal those temporary passwords. Don’t give out your one-time passwords to anyone for any reason whatsoever.
If you’re worried about your Robinhood account safety, you can reach customer support for guidance. Also, keep up with Robinhood’s full data breach announcement.