Share this article on:
Robinhood has released new information regarding last week’s mass data breach, confirming that “several thousand” phone numbers were also stolen throughout the hack.
On 8 November, share trading platform Robinhood confirmed in a blog post that the company had been the victim of a mass cyber breach, with the information of an estimated seven million people stolen by the hackers. According to the company, the theft included five million emails as well as names of an additional two million people.
The company believes that the threat actors gained access to the information by socially engineering a customer support employee via phone, enabling them to gain access to some customer support systems.
The initial data breach is expected to have occurred on the evening of 3 November.
“At this time, we understand that the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,” the company initially released in a statement.
“We also believe that for a more limited number of people – approximately 310 in total – additional personal information, including name, date of birth and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people.”
Robinhood confirmed that the cyber criminals demanded a ransom payment for the data, and that they are working with cyber security firms and law enforcement agencies to contain the threat.
Robinhood has revealed today that the hackers have also stolen “several thousand” phone numbers, in addition to the emails and names.
Media outlet Vice has confirmed that its Motherboard technology brand had been approached by representatives of the hackers, who obtained a copy of the stolen numbers.
"We previously disclosed that, based on our investigation, the unauthorised party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people. We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyse," Robinhood added.
More to follow.
[Related: FBI external emails hacked; hackers send out bogus messages]
[Related: Hackers target regional Qld water corporation in 9-month-long hack]
[Related: Hackers breach 9 critical infrastructure organisations, exploit ADSelfService Plus server]