Data theft on trading platform Robinhood through social engineering: millions of customer records affected

Threat Alert

Online stock trading platform Robinhood has confirmed that it has fallen victim to a cyberattack. More than five million email addresses, two million names and other sensitive customer data were stolen.

We’ll get to the heart of what exactly happened and how you can best protect yourself.

What happened?

On November 8, Robinhood made public via its blog that the trading platform had fallen victim to a social engineering attack. An attacker gained access to some of the company’s databases by manipulating a customer service representative over the phone.

This allowed the cybercriminal to steal around seven million names and email addresses of users of the platform. For a smaller group of 310 customers, additional personal data such as zip codes and dates of birth, together with their full names, was compromised. Among them are 10 customers for whom further sensitive data fell into the hands of the criminals.

The relevant customers were informed about the incident by the trading company.

According to Robinhood, no sensitive financial information such as account numbers or debit card numbers were affected. Customers therefore did not suffer any direct financial losses as a result of the data theft.

After Robinhood had cleaned and secured the affected systems, the attackers made a ransom demand, to which Robinhood did not respond. Instead, the company informed the relevant law enforcement authorities and hired an external security company to investigate the incident.

What are the risks to my business?

Information such as names, email addresses and dates of birth can be used by criminal hackers to conduct targeted cyberattacks. Combined with other personal data, they often provide a sufficient basis to build a clear picture of potential targets, which in turn can serve as the starting point for spear-phishing attacks. In addition, names and dates of birth are often used to verify a person’s identity as part of authentication processes and must therefore be classified as particularly critical.
Cybercriminals may opportunistically exploit the current data breach to circulate phishing emails that purport to contain information from Robinhood. Through fabricated login prompts in such emails, users could be persuaded to enter their credentials on fake Robinhood landing pages.

What can I do?

If you are a Robinhood customer, follow these recommended actions:

  1. Pay special attention to messages that might imitate Robinhood messages. Read messages from this sender carefully and check them for spelling and grammar mistakes as well as unusual calls to action. All of these may be indications of phishing emails.
  2. Be especially skeptical if you receive emails from Robinhood that encourage you to log in via a link. Only log in using your account in the app or your web browser.
  3. To check the information stored in your account on the trading platform, visit Robinhood’s Help Center: Help Center > My Account & Login > Account Security.
  4. If you have any questions about this or other security incidents, please do not hesitate to contact us. Our experts will be happy to advise you!

In addition, make your employees aware: by paying attention and being prudent, they can prevent harm even where technology can’t. Raise everyone’s awareness of social engineering.
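As an added illustration of the checks in points 1 and 2 (example code written for this alert, not from Robinhood or the original post), the following Python script runs a few simple phishing indicators over a constructed sample email: a sender domain that merely contains the brand name, link text showing one domain while the link target is another, and an urgent call to action. The trusted-domain set, the sample message and the indicator list are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Constructed sample (not a real message): a mail imitating a Robinhood notice.
SAMPLE_EMAIL = """\
From: Robinhood Security <security@robinhood-account-verify.example>
To: customer@example.org
Subject: Urgent: verify your account after the data incident
Content-Type: text/html

<html><body>
<p>Due to the recent incident, please confirm your identity within 24 hours.</p>
<a href="https://robinhood.login-check.example/verify">https://robinhood.com/login</a>
</body></html>
"""

LEGIT_DOMAINS = {"robinhood.com"}  # assumption: the brand domain we trust
URGENCY = re.compile(r"\b(urgent|within \d+ hours|immediately|suspended)\b", re.I)

def registrable(host):
    """Last two labels of a hostname (sufficient for .com-style domains)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_legit(host):
    return registrable(host) in LEGIT_DOMAINS

def check_email(raw):
    """Return a list of phishing indicators found in the raw RFC 822 message."""
    msg = message_from_string(raw, policy=default)
    findings = []
    sender = msg.get("From", "")
    m = re.search(r"@([\w.-]+)", sender)
    sender_host = m.group(1) if m else ""
    # Brand name in the sender line but the domain is not the real one
    if "robinhood" in sender.lower() and not is_legit(sender_host):
        findings.append(f"sender domain {sender_host} is not a known Robinhood domain")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        findings.append("urgent call to action")
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        href_host = urlparse(href).hostname or ""
        shown = urlparse(text.strip()).hostname  # None if the text is not a URL
        if shown and registrable(shown) != registrable(href_host):
            findings.append(f"link text shows {shown} but points to {href_host}")
        if re.search(r"login|verify", href, re.I) and not is_legit(href_host):
            findings.append(f"login link to untrusted host {href_host}")
    return findings
```

A mail with no findings is not proven safe; the indicators only support the manual review described above.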