Robinhood, the popular investment & trading platform, was recently hacked and fell prey to an extortion attempt. The extorter used their unauthorized access to millions of customers’ email addresses and full names as leverage.
The Platform informed about the incident through a blog post published on Monday: the blog assured users that no money was lost in the incident.
An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers,” the company revealed while emphasizing that the breach had since been contained and that there had been “no financial loss to any customers.”
The incident had its roots in a social engineering scheme targeting a customer support employee. The hacker finagled the employee into accessing certain customer support systems. After that, the hacker got access to the email addresses of approximately 5 million customers and the full names of approximately 2 million customers, the company said.
For some customers the breach affected them at a deeper level: “We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed,” the company’s blog post says.”
When reached for comment, a Robinhood representative confirmed to Gizmodo that no “Social Security numbers, bank account information, or debit card numbers were exposed in the breach.”