On Monday, Robinhood issued a warning to users that a hacker had gotten past the stock-trading app's safeguards, obtaining millions of user email addresses and other information. The perpetrator contacted customer service and, posing as an authorized party, persuaded a Robinhood employee to grant access to the customer support computer system, a hacker tactic known as "social engineering," according to the company's blog post.
Robinhood Markets, Inc. is an American financial services firm based in Menlo Park, California, that is most known for pioneering commission-free stock, exchange-traded funds, and cryptocurrency trading with a mobile app launched in March 2015. Robinhood is a FINRA-regulated broker-dealer that is also a member of the Securities Investor Protection Corporation. It is also registered with the US Securities and Exchange Commission.
According to the post, after taking information from Robinhood, the hacker attempted to extort money from the company, which instead chose to notify law enforcement and tell users about the incident. "We owe it to our customers to be transparent and act with integrity,” Robinhood chief security officer Caleb Sima said in the post. "Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."
According to the company, the hacker stole roughly five million email addresses for Robinhood users, as well as the names of about two million other members of the investment service, late on November 03. The hacker also appeared to have obtained the names, birth dates, and zip codes of 310 users, as well as extra account information for some of them, according to Robinhood.
"The attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident," Robinhood said in the post. Hackers could exploit the stolen data to try to dupe Robinhood users with ruses like "phishing" emails posing as the company.
In 2019, there was yet another security breach. According to emails sent to concerned consumers in July 2019, Robinhood admits to storing client passwords in cleartext and readable form throughout their internal systems. Robinhood declined to specify how many consumers were affected by the error, claiming that no evidence of abuse had been discovered. However, in 2020, the company admitted that the hacking spree had affected almost 2,000 Robinhood Markets accounts and that hackers had siphoned off consumer funds, indicating that the attacks were more widespread than previously thought and that Robinhood had been slow to respond.
