Bleeping Computer recently reported a data breach at the popular stock trading platform Robinhood. This breach has impacted over 7 million of their customers.
The attack took place on November 3rd, when a cybercriminal used social engineering tactics on an employee to gain access to the customer support systems. Once the support systems were accessed, the cybercriminal was able to obtain personal information from Robinhood's customer database.
Robinhood released this statement on their blog, "At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people".
While the company believes that debit card numbers and bank account numbers were not exposed during the attack, they have received an extortion demand (a threat to leak the stolen data unless a Bitcoin ransom is paid).
Robinhood recommends taking the following precautions if you're a customer:
Look out for any phishing emails that are designed to steal your login credentials.
Only interact with the authorized Robinhood social apps. You can find these social accounts within the app at Help Center > General Questions > Robinhood Social Media.
Report suspected phishing scams to email@example.com.
Enable 2-factor authentication for Robinhood accounts within the app at Accounts > Security and Privacy > Two-Factor Authentication.
Had the Robinhood employee received new-school security awareness training, this data breach could have been prevented. This unfortunate incident should serve as a warning for your organization to continually educate your users on the latest threats and attack tactics.