A prominent hacker forum and the marketplace is selling the data of about 7 million Robinhood customers who were compromised in a recent data breach.
Last week, Stock Trading Company Robinhood announced a data breach when one of its workers was hacked, and the threat actor utilised their account to get access to the personal information of around 7 million consumers via customer care services.
The following personal information about Robinhood users was taken during the attack:
- TikTok phishing threatens to delete influencers’ accounts
- Email addresses for 5 million customers.
- Full names for 2 million other customers.
- Name, date of birth, and zip code for 300 people.
- More extensive account information for ten people.
In addition to acquiring the information, Robinhood stated that the intruder tried to extort money from the firm in order to keep the information from being disclosed.
Stolen email addresses, especially those for financial services, are in high demand among threat actors because they may be used in targeted phishing attempts to gain additional sensitive information.
Two days after Robinhood disclosed the breach on a hacker forum, A threat actor known as 'pompompurin' revealed that they were selling the data. pompompurin stated in a forum post that he was selling 7 million Robinhood clients' stolen information for at least five figures, or $10,000 or more.
The sold data includes 5 million email addresses, as well as 2 million email addresses and complete names for another tranche of Robinhood users. However, pompompurin stated that they will not sell the data of 310 clients who had more sensitive information compromised, including some users' identity cards.
The threat actor claims that they downloaded the ID cards through SendSafely, a secure file transfer service utilised by the trading platform while conducting Know Your Customer (KYC) procedures. Robinhood did not initially reveal the theft of ID cards.
Robinhood told BleepingComputer, "As we disclosed on November 8, we experienced a data security incident and a subset of approximately 10 customers had more extensive personal information and account details revealed. These more extensive account details included identification images for some of those 10 people. Like other financial services companies, we collect and retain identification images for some customers as part of our regulatory-required Know Your Customer checks."
The attacker gained access to the Robinhood customer service systems, according to BleepingComputer, by defrauding a worker into installing remote access software on their desktop. When the hacker has it installed, he or she can do the following:
- keep an eye on the victim's activities,
- capturing screenshots
- access the computer remotely,
- utilise the employee's stored login credentials to access internal Robinhood systems
"I was able to see all account information on people. I saw a few people while the support agent did work," pompompurin told BleepingComputer.
pompompurin posted images of the fraudsters obtaining access to internal Robinhood systems to prove that they carried out the attack. When approached by BleepingComputer, Robinhood did not explicitly confirm that the screenshots were obtained from their systems.
