Robinhood, a USA-based stock trading and investing app, recently announced that it was a victim of a cyber attack, wherein the attacker obtained access “to limited amount of personal information” of over 7 million customers.
Of the 7 million customers, Robinhood said, —
- Email addresses of approximately 5 million people were breached in the incident
- Full names of 2 million were also exposed.
- Information of 310 people such as names, date of birth and zip code was breached.
- “More extensive account details” was breached of 10 customers
Robinhood did not provide any insight into what these account details are. However, they clarified —
Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident
This is the second instance of a cyber attack on a financial entity in a week. Recently, India’s largest securities depository Central Depository Services Limited (CDSL) exposed sensitive data of around 4.39 crore investors, cybersecurity firm CyberX9 reported. Data on trading platforms include personal and financial documents which if it falls in the hands of malicious actors, can be a major cause for concern.
How did the hack happen?
Robinhood said that the malicious actor —
- Socially engineered a customer support employee by phone and obtained access to certain customer support systems
- After containing the intrusion, the malicious actor demanded a ransom
The platform said that it informed law enforcement officials of the matter and was taking the help of Mandiant, a third-party security firm.
What are the consequences of such data falling into the wrong hands?
CyberX9, which reported that India’s CDSL faced a data breach, outlined the following potential negative consequences if the exposed data fell into the hands of criminals. Although they were made in an Indian context, many of the points hold universal concern:
- A virtual gold mine for phishers and scammers: The exposed data “could be a virtual gold mine also for phishers and scammers” who can use it to carry out Business Email Compromise (BEC) scams, extortion calls, income tax refund scams, and other scams that involves impersonating banks or government agencies, CyberX9 said.
- Identity theft: The exposed data could have also been used for identity theft to create fake bank accounts or avail loans, CyberX9 said.
- Disrupting the share market: Malicious attackers can target the exposed investors to spread misinformation to manipulate share markets, CyberX9 reported.
- Compromises other accounts: “People commonly use the type of information been exposed here as their passwords and security questions to services. That’s why it can also lead to people’s social media, emails, and other accounts being hacked by malicious attackers,” including bank and demote accounts, CyberX9 explained.
- Exclusive: Over 30 Data Breach Incidents Reported In India Since The Year Began
- MobiKwik Still Under RBI Scanner After Alleged Data Breach In February: RTI
- Hacker Group Infected 13 Telecom Companies With Malware, Flags US Cybersecurity Firm
- Acer India Hit By Ransomware Attack, Over 60 GB Of Files And Databases Stolen
- Amazon’s Twitch Hit By Massive Data Breach, Entire Source Code And User Payout Info Leaked
Have something to add? Post your comment and gift someone a MediaNama subscription.