The occurrence happened last week on November third when a hacker called a Robinhood client assistance worker and utilized social engineering techniques to hoodwink them into surrendering access to specific client service frameworks.
“In light of our examination, the assault has been contained and we accept that no Social Security numbers, bank account numbers, or credit card numbers were uncovered and that there has been no monetary misfortune to any clients because of the occurrence,” the organization wrote in a blog entry on Monday. All things being equal, Robinhood has just revealed proof that the attacker “got a rundown of email addresses for around 5,000,000 individuals and complete names for an alternate gathering of roughly 2,000,000 individuals.”
“We likewise trust that for a more set number of individuals — around 310 altogether — additional personal data, including name, date of birth, and postal district, was uncovered, with a subset of roughly 10 clients having more broad record subtleties uncovered,” Robinhood said, without expounding. The hacker additionally gave a coercion interest to Robinhood. Regardless of whether the organization paid it was left inferred. In any case, Robinhood has since informed law implementation and employed the security firm Mandiant to examine the occurrence.
Also, the organization anticipates advising all impacted clients about the break. The email from Robinhood is clearly cautioning clients to be wary of phishing assaults that will attempt to imitate the organization with an end goal to seize admittance to a client’s record.
“In case you are a client searching for data on the best way to keep your record secure, if it’s not too much trouble, visit Help Center > My Account and Login > Account Security,” the organization added.