wordpress blog stats
Connect with us

Hi, what are you looking for?

Data of over 7 million Robinhood customers breached in cyber attack

The trading app disclosed that it enlisted the help of a third-party security firm after the incident.

Robinhood, a USA-based stock trading and investing app, recently announced that it was a victim of a cyber attack, wherein the attacker obtained access “to limited amount of personal information” of over 7 million customers.

Of the 7 million customers, Robinhood said, —

  • Email addresses of approximately 5 million people were breached in the incident
  • Full names of 2 million were also exposed.
  • Information of 310 people such as names, date of birth and zip code was breached.
  • “More extensive account details” was breached of 10 customers

Robinhood did not provide any insight into what these account details are. However, they clarified —

Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident

This is the second instance of a cyber attack on a financial entity in a week. Recently, India’s largest securities depository Central Depository Services Limited (CDSL) exposed sensitive data of around 4.39 crore investors, cybersecurity firm CyberX9 reported. Data on trading platforms include personal and financial documents which if it falls in the hands of malicious actors, can be a major cause for concern.

How did the hack happen?

Robinhood said that the malicious actor  —

  • Socially engineered a customer support employee by phone and obtained access to certain customer support systems
  • After containing the intrusion, the malicious actor demanded a ransom

The platform said that it informed law enforcement officials of the matter and was taking the help of Mandiant, a third-party security firm.

What are the consequences of such data falling into the wrong hands?

CyberX9, which reported that India’s CDSL faced a data breach, outlined the following potential negative consequences if the exposed data fell into the hands of criminals. Although they were made in an Indian context, many of the points hold universal concern:

Advertisement. Scroll to continue reading.
  1. A virtual gold mine for phishers and scammers: The exposed data “could be a virtual gold mine also for phishers and scammers” who can use it to carry out Business Email Compromise (BEC) scams, extortion calls, income tax refund scams, and other scams that involves impersonating banks or government agencies, CyberX9 said.
  2. Identity theft: The exposed data could have also been used for identity theft to create fake bank accounts or avail loans, CyberX9 said.
  3. Disrupting the share market: Malicious attackers can target the exposed investors to spread misinformation to manipulate share markets, CyberX9 reported.
  4. Compromises other accounts: “People commonly use the type of information been exposed here as their passwords and security questions to services. That’s why it can also lead to people’s social media, emails, and other accounts being hacked by malicious attackers,” including bank and demote accounts, CyberX9 explained.

Also Read

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ