US share-trading app Robinhood has been hit by a security breach that has exposed the names or email addresses of more than seven million people, reports BBC.
About the data breach
The company says the breach affected “a limited amount of personal information for a portion of our customers”. And it does not believe the most sensitive information it gathers – US social security numbers and financial information – was revealed.
The breach happened on 3 November through what’s known as “social engineering” – a specifically targeted and convincing scam designed to trick an employee into divulging login details or other sensitive information.
The email addresses of five million people were compromised, along with the full names of a further two million. Robinhood also said a much smaller group of about 310 people had much more information exposed – including names, dates of birth, and US zip codes.
A further 10 or so had “more extensive account details revealed”, it said.
Robinhood reported the attack
Robinhood said it had rejected a demand for payment and reported the attack.
Such ransom demands are not uncommon in cyber-attacks and usually amount to a promise not to sell on the compromised data or leak it for free online. The company did not say what terms were involved in its case.
Instead of complying with what it called “extortion”, Robinhood said it had notified law-enforcement authorities and hired an external cyber-security firm to help deal with the incident.
Robinhood is available only to US users and requires them to be over 18 and to provide a valid social security number and a valid US address. It is that sensitive information which the company says was not exposed.