The popular crypto and stock-trading app, Robinhood, has been hit with a security breach, affecting over seven million users.
Ransom attack
The breach has exposed the names and email addresses of the seven million users, but the app assured users in a statement that no more sensitive information was leaked, such as US social security numbers and financial information.
Hackers used the exposed information as leverage, but Robinhood refused to comply with the demand for a ransom payment and instead reported the attack to law enforcement authorities.
Cyberattacks
Cyber attacks are nothing new, and in fact, cryptocurrency is an appealing choice for hackers, given its popularity and the fact that it is a digital currency with less regulation than regular stocks.
The BBC recently reported that one of the more famous cyber gangs, REvil, had been taken down on Monday, November 8th in a series of raids in Romania and Ukraine. They had a history of hacking data from global businesses, like Travelex and JBS SA, and ransoming their findings.
The hackers aiming at the Robinhood app haven’t been identified, and their tactics involved “social engineering” which is a more specific attack that looks to convince an employee of divulging login details, or in this case names and email addresses. Five million email addresses were collected alongside a further 2 million full names. Plus, a much smaller collection of about 310 users had their names, dates of birth, and US zip codes exposed.
Statements
Robinhood released a statement on their blog about the hack, saying, “Late in the evening of November 3, we experienced a data security incident. An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers.
“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems.
“After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”