"Robinhood Says Millions of Customer Names and Email Addresses Taken in Data Breach"
Online stock trading platform Robinhood has confirmed it was hacked last week. More than five million customer email addresses and two million customer names were taken during the breach. The company said that a malicious hacker had socially engineered a customer service representative over the phone on November 3rd to obtain access to customer support systems. That allowed the hacker to get customer names and email addresses and the additional full names, dates of birth, and ZIP code of 310 customers. Robinhood said that ten customers had “more extensive account details revealed.” Robinhood did not say what information specifically, though they stated that no Social Security numbers, bank account numbers, or debit card numbers were exposed. The information accessed by the adversary can be used to facilitate further attacks against victims, like targeted phishing emails, since names and dates of birth can often be used to verify a person’s identity. The company said once it secured its systems, the hacker then “demanded an extortion payment.” Robinhood instead notified law enforcement and security firm Mandiant to investigate the breach.