Categories: Data Breach

Over 7 Million Robinhood Customers’ Data Stolen & Sold on a Popular Hacking Forum

On a popular hacking forum, and marketplace recently data for almost 7 million Robinhood customers was stolen and sold. In this event, the threat actors have abused the network of Robinhood by hacking one of its employees.

The hacker got access to the information of approximately 7 million Robinhood users through the customer support systems of Robinhood, all thanks to the hacked accounts of employees.

Data Exposed

Types of data that has been compromised by the hacker are mentioned below:-

  • Email addresses of 5 million customers
  • Full names of 2 million other customers
  • Name of 300 people
  • Date of birth of 300 people
  • Zip code of 300 people
  • More extensive account information of ten people

In this incident, for not releasing the compromised data, the hacker tried to extort the company. While among threat actors these types of data are particularly popular since they use these data for performing other cyberattacks like phishing attacks.

Data Sold on a Hacking Forum

A threat actor named ‘pompompurin’ has proclaimed that on a popular hacking forum they were selling the data that they have stolen, and pompompurin announced this just after the two days when Robinhood disclosed the attack.

For at least five figures, which is about $10,000 or higher than this, pompompurin was selling the stolen data of the 7 million Robinhood customers, and this statement is stated by the pompompurin itself.

When performing Know Your Customer (KYC) requirements a secure file transfer service known as SendSafely is used by the trading platform, and here the hacker downloaded ID cards from SendSafely.

Recommendation

On the matter of safety, Robinhood Chief Security Officer Caleb Sima stated:-

“As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”

To keep your account secure Robinhood recommended visiting:-

  • Help Center > My Account & Login > Account Security

Moreover, they have also confirmed that in a security alert they never include any link to access your account.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search…

2 days ago

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the…

2 days ago

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains, posing…

2 days ago

HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware,…

2 days ago

RansomHub Ransomware Group Hits 84 Organizations as New Threat Actors Emerge

The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of…

2 days ago

Threat Actors Leverage Email Bombing to Evade Security Tools and Conceal Malicious Activity

Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious…

2 days ago