16.11.2021

Data theft at trading platform Robinhood through social engineering: Data of millions of customers affected

Online stock trading platform Robinhood has confirmed that it has fallen victim to a cyberattack. More than five million email addresses, two million names and other sensitive customer data were stolen.

We get to the heart of what exactly happened and how you can best protect yourself.

What happened?

On November 8, Robinhood made public via its blog that the trading platform had been the victim of a social engineering attack. An attacker gained access to some of the company’s databases by manipulating a customer service employee over the phone.

This enabled the cybercriminal to capture around seven million names and email addresses of users of the platform. In addition, a smaller amount of other personal data, such as zip codes, dates of birth and full names, of 310 customers was compromised. Among them are 10 customers for whom further sensitive data has fallen into the hands of the criminals.

The corresponding customers were informed of the incident by the trading company.

According to Robinhood, no sensitive financial information such as account numbers or debit card numbers was affected. Customers have therefore not suffered any direct financial losses as a result of the data theft.

After Robinhood had successfully cleaned and secured the affected systems, the attackers made a ransom demand, which Robinhood did not respond to. Instead, the company informed relevant law enforcement agencies and hired an external security company to investigate the incident.

What are the risks for my company?

  • Information such as names, email addresses, and dates of birth can be used by criminal hackers to carry out targeted cyberattacks. Coupled with other personal data, it often provides a sufficient basis to create a clear picture of potential target persons. This, in turn, can serve as a basis for spear-phishing attacks. In addition, names and dates of birth are often used to verify a person’s identity as part of authentication processes and should therefore be classified as particularly critical.
  • Cybercriminals can opportunistically exploit the current data breach and circulate phishing emails that spread supposed information in the name of Robinhood. Such emails can contain login calls to action that persuade users to disclose their data on fake Robinhood landing pages.

What can I do?

If you’re a Robinhood customer, follow these recommendations:

  1. Pay special attention to messages that might mimic Robinhood messages. Read messages from this sender carefully and check them for spelling and grammar errors, as well as unusual calls to action. All of these can be indications of phishing emails.
  2. Be especially skeptical if you receive emails from Robinhood that encourage you to log in via a link. Only log in via your account in the app or your web browser.
  3. To review your information on the trading platform, visit Robinhood’s Help Center: Help Center > My Account & Login > Account Security.
  4. In addition: Sensitize your employees. Through attention and prudence, they can avert damage even where technology cannot do so. Raise awareness of social engineering among all stakeholders.

If you have any questions about this or other security incidents, please do not hesitate to contact us. Our experts will be happy to advise you!