AgenciesSan Francisco: Robinhood Markets Inc. warned users that a hacker talked their way past the stock-trading app's defences, stealing millions of user email addresses and more.
The culprit called customer support and, pretending to be an authorized party, duped a Robinhood employee into providing access to the customer support computer system, a hacker technique referred to as “social engineering”, the company said in a blog post. After stealing information from Robinhood, the hacker tried to extort payment from the company, which opted to alert police and warn users about the data breach, according to the post.
The Robinhood data breach took place late on Nov. 3, with the hacker snatching about five million email addresses, along with the names of about two million other members of the investment service, according to the company. Robinhood said it also appeared that the hacker got hold of names, birth dates and zip codes associated with 310 users, plus additional account details about some of those people.
“The attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood said in the post.
Hackers could use the stolen information to try to trick Robinhood members with ruses such as "phishing" emails pretending to be the company.
Robinhood has been credited with introducing a generation of new individual investors to the stock market, but the platform is also known for features that critics say can make it addictive. Game-like aspects of Robinhood have also raised concerns that users may overlook serious financial ramifications of investing.
The culprit called customer support and, pretending to be an authorized party, duped a Robinhood employee into providing access to the customer support computer system, a hacker technique referred to as “social engineering”, the company said in a blog post. After stealing information from Robinhood, the hacker tried to extort payment from the company, which opted to alert police and warn users about the data breach, according to the post.
“We owe it to our customers to be transparent and act with integrity,” Robinhood’s Chief Security Officer Caleb Sima said in the post. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
The Robinhood data breach took place late on Nov. 3, with the hacker snatching about five million email addresses, along with the names of about two million other members of the investment service, according to the company. Robinhood said it also appeared that the hacker got hold of names, birth dates and zip codes associated with 310 users, plus additional account details about some of those people.
“The attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood said in the post.
Hackers could use the stolen information to try to trick Robinhood members with ruses such as "phishing" emails pretending to be the company.
Discover the stories of your interest
Robinhood has been credited with introducing a generation of new individual investors to the stock market, but the platform is also known for features that critics say can make it addictive. Game-like aspects of Robinhood have also raised concerns that users may overlook serious financial ramifications of investing.
