Robinhood Says It Was Hacked and Extorted But Nobody Lost Any Money

Robinhoood was hacked last week by someone who socially engineered a customer service representative to gain access to the email addresses of more than 5 million customers, the full names of 2 million other customers, and other data from a much smaller group of customers, the company said in a blog post published Monday. The hacker then allegedly attempted to extort the company. Motherboard reports: "The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems," Robinhood wrote in the blog post. "At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people."

"We also believe that for a more limited number of people -- approximately 310 in total -- additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed," it added. "We are in the process of making appropriate disclosures to affected people." Robinhood wrote that "the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.â

The Sheriff of Nottingham

[nospam007]

...was not amused.

Headline Spin

[Anonymous Coward]

Why does the headline focus on nobody having lost any money when the crucial point is all the data that was obtained?

Re:

[NFN_NLN]

> Why does the headline focus on nobody having lost any money

Day trader mindset. Their entire existence revolves around how much did I make or lose today and nothing else. They have no concept of morals or long term-term consequences. A few die hard democrats I know even invested in DWAC for the gains.

Why that kind of access?

[Dan East]

How is it that a Customer Service Representative has any access that would allow downloading or dumping the entirety of the customer email database? The best they should be able to do is a manual lookup / search by a single email address at a time.

Sounds like one security lapse on top of another.

Re:

[gweihir]

Broken processes. The same everywhere.

Nobody Lost Any Money *yet*

[Alain Williams]

This only happened a few days ago - it is far too early to make a definite comment like that. This looks like Robinhood trying to white wash itself.

Sure.

[Arnonyrnous Covvard]

A convenient hacker appears.

Ironic?

[Dan East]

I wonder how many people will use Robinhood to sell Robinhood stock when the markets open back up in the morning?

Re:

[NFN_NLN]

It's the Facebook of trading. They go there because it's free not because it's any good.

Re:

[NFN_NLN]

I'd rather pay a trading fee..

"Kearns took his own life in June 2020 after mistakenly believing he owed $730,000 and his desperate attempts to get in touch with Robinhood went unanswered, according to his family. "

https://www.cnn.com/2021/07/01... [cnn.com]

Re:

[DarkRookie2]

I rather not get into gambling.

plot twist

[rogoshen1]

It was the SEC.

Social Security Numbers?

[dabears85]

Why is Robinhood storing SSNs? Are they contributing to investors social security?

Re:

[Espectr0]

required to verify customer's identity and tax status

Re:

[tlhIngan]

Tax reporting purposes. If you make money on the market, you have to pay capital gains tax. If you didn't, you can use the capital losses to offset capital gains earned elsewhere.

All of this needs to be reported to the IRS.

Why say anything?

[DarkRookie2]

Is there a legal requirement to say when you got hacked now that was put in effect that I am not aware of?
I already know that companies do not pay for good CSRs, so you get what you pay for.