Robinhood, a popular stock-trading app, said that it has been breached by someone who accessed information on 7 million people, then sought to extort the company.
The breach on Nov. 3 provided access to 5 million email addresses and 2 million full names, with another approximately 310 having additional information like zip codes and dates of birth exposed. Around 10 more had “more extensive account details” exposed, the company announced on Monday. Robinhood has become a force in the financial market, with 18 million clients and $80 billion in assets, a summer filing stated.
“Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood’s statement reads.
It’s the first notable cyber incident on the company to surface since October of 2020, when Bloomberg reported that hackers hit nearly 2,000 accounts and stole some customer funds. The year before, Robinhood said it had stored user credentials in an insecure format.
The FBI warned on Nov. 2 that ransomware attackers are “very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.”
Robinhood said that after the Nov. 3 incident, it contacted law enforcement and sought the investigative help of cybersecurity firm Mandiant.
Neither Robinhood nor Mandiant immediately responded to requests for comment on Tuesday.
The post Robinhood breach exposed information on 7 million people appeared first on CyberScoop.