Hacking attempts are often sophisticated, but in some cases gaining access to a company’s internal networks is as simple as asking an employee for login credentials. This is often achieved through a phishing email, where employees are tricked into visiting a website that asks them to log in with their Microsoft 365 credentials. Similar tactics were recently used in an attack on the stock trading platform Robinhood.
On November 3, 2021, a threat actor called the Robinhood customer service department and spoke to an employee. Social engineering techniques were used to trick that individual into providing information that allowed the threat actor to access certain customer support systems. After gaining the required information, the threat actor was able to access the personal information of customers, including names, email addresses, dates of birth, and zip codes.
According to Robinhood, a list of the email addresses of 5 million of its customers was obtained, along with a list of the full names of around 2 million individuals. A small subset of individuals also had their name, date of birth, and zip code compromised; Robinhood said that list included the information of 310 individuals. Robinhood customers use the platform for buying and selling stock, which requires them to provide bank account and debit card information; however, the threat actor does not appear to have been able to access that information.
After the information was exfiltrated, the attacker sent a ransom demand to Robinhood demanding payment for the return of the data. It is currently unclear how much was demanded and whether any payment was made. Robinhood said it engaged the services of the cybersecurity firm Mandiant to investigate the breach and that the investigation is ongoing.
Given the types of data obtained by the attacker, the biggest threat to Robinhood customers is phishing attacks. The email addresses could be used to send messages to app users to trick them into disclosing sensitive information or installing malware. Those messages could potentially spoof Robinhood, be related to the data breach, or could use any number of different lures.
Robinhood has advised all of its customers to check for messages from the company inside the app, to be suspicious of any emails received that appear to have been sent by Robinhood or are linked to the data breach, and to only interact with authorized Robinhood social apps, which can be found through the app, via Help Center > General Questions > Robinhood Social Media.
Robinhood has requested that customers report any phishing attempts to the company – [email protected] – and enable two-factor authentication on their accounts.