
Robinhood Claims to have Exposed the Email Addresses of 5 Million Customers

 

On Monday, Robinhood issued a warning to users that a hacker had gotten past the stock-trading app's safeguards, obtaining millions of user email addresses and other information. The perpetrator contacted customer service and, posing as an authorized party, persuaded a Robinhood employee to grant access to the customer support computer system, a hacker tactic known as "social engineering," according to the company's blog post. 

Robinhood Markets, Inc. is an American financial services firm based in Menlo Park, California, that is best known for pioneering commission-free trading of stocks, exchange-traded funds, and cryptocurrency through a mobile app launched in March 2015. Robinhood is a FINRA-regulated broker-dealer that is also a member of the Securities Investor Protection Corporation. It is also registered with the US Securities and Exchange Commission.

According to the post, after taking information from Robinhood, the hacker attempted to extort money from the company, which instead chose to notify law enforcement and tell users about the incident. "We owe it to our customers to be transparent and act with integrity," Robinhood chief security officer Caleb Sima said in the post. "Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."

According to the company, the hacker stole roughly five million email addresses for Robinhood users, as well as the names of about two million other members of the investment service, late on November 03. The hacker also appeared to have obtained the names, birth dates, and zip codes of 310 users, as well as extra account information for some of them, according to Robinhood. 

"The attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident," Robinhood said in the post. Hackers could exploit the stolen data to try to dupe Robinhood users with ruses like "phishing" emails posing as the company. 

In 2019, there was yet another security breach. According to emails sent to concerned consumers in July 2019, Robinhood admitted to storing client passwords in cleartext, in readable form, throughout its internal systems. Robinhood declined to specify how many consumers were affected by the error, claiming that no evidence of abuse had been discovered. However, in 2020, the company admitted that the hacking spree had affected almost 2,000 Robinhood Markets accounts and that hackers had siphoned off consumer funds, indicating that the attacks were more widespread than previously thought and that Robinhood had been slow to respond.

Attackers Targeted Robinhood with a Phishing Campaign

 

Attackers have targeted clients of stock-trading broker Robinhood with a phishing campaign designed to steal their credentials and spread malware using counterfeit tax documents, the company has warned.

Robinhood Markets, Inc. is an American financial services company headquartered in Menlo Park, California, known for offering commission-free trades of stocks and exchange-traded funds through a mobile application launched in March 2015. Robinhood is a FINRA-regulated broker-dealer, registered with the U.S. Securities and Exchange Commission, and is a member of the Securities Investor Protection Corporation. The company's revenue comes from three main sources: interest earned on customers' cash balances, selling order information to high-frequency traders (a practice for which the SEC opened an investigation into the company in September 2020), and margin lending. As of 2020, Robinhood had 13 million clients.

Robinhood, which has confronted various regulatory and legal difficulties along the way, sent an email to clients Thursday warning of a phishing scam "that may have reached some of our customers."

Attackers targeted clients in two ways, according to the email. One attack vector used phishing emails with links to counterfeit Robinhood sites prompting visitors to enter their login credentials, including the authentication codes the company uses to help protect individuals' accounts. In other emails, attackers exploited the tax season, asking potential victims to download counterfeit tax files, such as Form 1099, that included malware, according to the email.

"There tends to be an increase in these types of emails around tax season, so we ask that you be extra careful about how you access your Robinhood account," the email said. Robinhood recommended that users review the security settings of the application on their devices, manually remove any devices they don't recognize from account access, and reset their passwords if they believe they might be at risk. The company also urged clients to reach out to its support team directly from the Robinhood application or its website.

One of the main grievances among Robinhood clients was that they couldn't reach the company for support, causing regulators like the Securities and Exchange Commission (SEC) to become de facto customer support for the platform’s clients.