Robinhood on Monday warned users that a hacker talked their way past the stock-trading app's defenses, stealing millions of user email addresses and more.

The culprit called customer support and, pretending to be an authorized party, duped a Robinhood employee into providing access to the customer support computer system, a hacker technique referred to as "social engineering," the company said in a blog post.

After stealing information from Robinhood, the hacker tried to extort payment from the company, which opted to alert police and warn users about the breach, according to the post.

"We owe it to our customers to be transparent and act with integrity," Robinhood chief security officer Caleb Sima said in the post.

"Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."

The breach took place late on November 3, with the hacker snatching about five million email addresses for Robinhood users, along with the names of about two million other members of the investment service, according to the company.

Robinhood said it also appeared that the hacker got hold of names, birth dates and zip codes associated with 310 users, plus additional account details about some of those people.

"The attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident," Robinhood said in the post.

Hackers could use the stolen information to try to trick Robinhood members with ruses such as "phishing" emails pretending to be the company.

Robinhood has been credited with introducing a generation of new individual investors to the stock market, but the platform is also known for features that critics say can make it addictive.

Game-like aspects of Robinhood have also raised concerns that users may overlook serious financial ramifications of investing.

gc/to

Robinhood

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Tweet

Thanks for being here; We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Contributor $5 Billed Once credit card or paypal		SpaceDaily Monthly Supporter $5 Billed Monthly paypal only

Ukrainian indicted in US for Kaseya ransomware attack
Washington (AFP) Nov 8, 2021
A 22-year-old Ukrainian arrested in Poland has been indicted in the United States as part of a global operation against ransomware attacks, including the high-profile July hack of IT software company Kaseya, officials said Monday. Yaroslav Vasinskyi, who was detained in Poland on October 8, was the most prominent of several people whose arrests were announced on Monday by US and European authorities. The arrests were linked to the Russian-based hacker group REvil, also known as Sodinokibi, and t ... read more