Robinhood, the commission-free stock market platform, said it was cyber-attacked on November 3 and that some of the information of a total of 7 million people had been compromised. Payment information was not among the information seized.
Robinhood, the stock market app that attracted a lot of backlashes when it stopped trading during the Gamestop movement in the US, came up with a scandal today. The company said in a statement that it was cyber-attacked on November 3 and that the personal information of more than 7 million of its customers had been compromised.
The information seized reportedly did not include social security numbers, bank account numbers, or credit card numbers. However, it was also stated that no users suffered financial losses. How the cyberattack occurred was also shared by the company.
A customer service employee was reached through social engineering:
According to the shared statement, an unauthorized third party contacted a customer service employee by phone. The person then logged into the customer service system. The person/persons who carried out the cyberattack managed to obtain the email addresses of 5 million people and list the names and surnames of 2 million people.
A small group of about 310 customers had their names, dates of birth and postcodes seized. It was announced that”more comprehensive account information” was obtained from 10 users. The company did not disclose what this ‘comprehensive information’ was, but a spokesperson told The Verge that payment information was not included.
Robinhood, which took control of the attack, said the person who carried out the cyberattack demanded a ransom– and that they reported it to law enforcement. However, no information was released on whether the company had paid the requested ransom. Robinhood enlisted the help of Mandiant, a security firm, to investigate the incident.