2 min read

Leaked Robinhood Data Offered for Sale on Hacking Forums

Silviu STAHIE

November 16, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Leaked Robinhood Data Offered for Sale on Hacking Forums

Data stolen in the attack that compromised Robinhood systems and stole private information on millions of people is now up for sale.

Robinhood revealed that it fell victim to a cyberattack in which an unknown threat actor tricked a customer support employee into installing remote access software. Even more interesting is that this hack used no malware -- it relied solely on social engineering.

These types of intrusions show that employee training is just as necessary as a security solution. It's hard to catch an intruder when an employee simply opens the doors and hands over the key to the kingdom.

BleepingComputer reached out to the threat actor and verified that the data was accurate and on sale for a "five-figure" sum. The hackers also revealed that they also obtained some more in-details information on a handful of people, and Robinhood confirmed the information.

"As we disclosed on November 8, we experienced a data security incident and a subset of approximately 10 customers had more extensive personal information and account details revealed," Robinhood told BleepingComputer.

"These more extensive account details included identification images for some of those 10 people. Like other financial services companies, we collect and retain identification images for some customers as part of our regulatory-required Know Your Customer checks."

This was only possible because the threat actor had complete remote control over the customer support systems, allowing them to steal credentials and even take screenshots, which they also shared.

What distinguishes the Robinhood attack is that the attackers quickly resorted to blackmail after stealing the information and didn't just dump the data on hacking forums for a small price.

In the initial announcement, Robinhood said the hackers obtained a list of email addresses for approximately 5 million people and full names for a different group of roughly 2 million people. Around 310 people had been more affected, with criminals obtaining additional personal information, including name, date of birth and zip codes.

Bitdefender Digital Identity Protection (DIP) helps you take control and minimize your digital footprint by continuously monitoring for data breaches that could put your at risk for identity theft and fraud attempts. You can monitor your digital footprint starting with your e-mail address and phone number. Our tool helps you find your private information online, both in legal and illegal collections of data.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant
Filip TRUȚĂ

December 03, 2021

2 min read
WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out
Silviu STAHIE

December 03, 2021

1 min read
Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack
Graham CLULEY

December 03, 2021

2 min read