SHARES PLUMMET as Robinhood hack exposes millions of customers’ data

Robinhood, a US-based cryptocurrency and stock trading mobile app, has suffered a major cybersecurity breach that has resulted in the leak of roughly 7 million customers’ data.

The attack is reported to have hit the platform last week, on the evening of November 3rd, and Robinhood released a statement addressing the incident early on Monday morning. Following media coverage of the cyberattack, shares crashed by 3% to $36.84.

In its blog statement, Robinhood stated that “the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.”

The statement goes on to describe the attack as social engineering that targeted a “customer support employee”. The employee inadvertently disclosed information during a phone call, which allowed the hacker to access the support system remotely.

Data belonging to 7 million people was leaked: for some it was full names, for others customer email addresses. A smaller proportion of customers, unfortunately, had more sensitive data compromised - namely their date of birth and address, with some having “extensive account details” revealed.

Speaking on its response to the attack, Robinhood confirmed that the threat actors “demanded an extortion payment” once the intrusion had been contained. Robinhood did not comply with these demands, choosing instead to contact law enforcement, and is said to be “continuing to investigate the incident”.

Robinhood Chief Security Officer Caleb Sima had this to say regarding the timing of the statement disclosing the attack:

“As a Safety-First company, we owe it to our customers to be transparent and act with integrity […] following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”

Robinhood has enlisted the aid of security firm Mandiant to continue to monitor the vulnerability and investigate further. Speaking to The Verge, Mandiant CTO Charles Carmakal said his firm has dealt with the suspected threat actor in the past, and he does not expect this incident to be the last of its kind:

“We recently observed this threat actor in a limited number of security incidents, and we expect they will continue to target and extort other organizations over the next several months.”
