Robinhood hack exposes data from millions of customers

News
By published

An attacker socially engineered an employee at the stock-trading platform to gain access to customer support systems

The Robinhood logo displayed on a mobile phone with a stock trading chart in the background
(Image credit: Shutterstock)

Robinhood has revealed that an unauthorised third party has gained access to millions of customers’ data, adding to the company’s troublesome 2021.

The stock-trading platform said in a blog post that on 3 November a hacker socially engineered a customer support employee by phone and obtained access to certain customer support systems. The company said the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of two million people.

Inside the mind of a social engineer Criminals caught trying to recruit insiders to plant ransomware Microsoft warns of dangerous ‘BazaCall’ call centre ransomware scam

Robinhood added that for around 310 people, personal information like name, date of birth, and zip code were exposed, with a subset of around 10 customers having more extensive account details revealed, although it did not disclose what these details were.

Following the breach, the unauthorised party demanded an extortion payment, said the company, which informed law enforcement and is continuing to investigate the incident with the help of an outside security firm.

Robinhood is also in the process of making disclosures to those affected but believes that no social security numbers, bank account numbers, or debit card numbers were exposed. There has been no financial loss to any customers as a result of the incident.

RELATED RESOURCE

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

FREE DOWNLOAD

“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood chief security officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”

2021 has been a tricky year for Robinhood, which was summoned to a Congressional hearing in February after the company’s app facilitated a January GameStop squeeze. It was instigated by the subreddit r/WallStreetBets and the platform decided to halt trade on popular stocks, as reported by The Verge.

In July, the company had the worst debut ever for an IPO of its size, according to Bloomberg. Shares in the broker fell 8.4% below the IPO price in the company’s first trading session, the worst debut among 51 US firms that raised as much cash as Robinhood or more.

Zach Marzouk
Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.

A photo of the ASUS NUC 15 Pro+ mini PC on a dark grey background with concentric circles of dashed, yellow lines.

Looking for a new mini PC? The ASUS NUC 15 Pro+ is a productivity powerhouse – it’s quieter than previous models, AI-enabled, and is very compact
NetApp logo and branding pictured on a tablet screen in a cafe.

NetApp eyes SAN market gains amid tighter partner collaboration
ReliaQuest logo and branding pictured on a white background.

ReliaQuest targets international growth, agentic AI gains with $500 million investment
See more latest
Most Popular
A photo of the ASUS NUC 15 Pro+ mini PC on a dark grey background with concentric circles of dashed, yellow lines.
Looking for a new mini PC? The ASUS NUC 15 Pro+ is a productivity powerhouse – it’s quieter than previous models, AI-enabled, and is very compact
NetApp logo and branding pictured on a tablet screen in a cafe.
NetApp eyes SAN market gains amid tighter partner collaboration
ReliaQuest logo and branding pictured on a white background.
ReliaQuest targets international growth, agentic AI gains with $500 million investment
A person with a smartphone in a security zone
Former GCHQ intern risked national security after taking home top secret data
The ITPro and TechRadarPro awards logos
ITPro launches Picks 2025 Awards
Sourcetable founders Eoin McMillan and Andrew Grosser pictured in San Francisco.
Sourcetable, a startup behind a ‘self-driving spreadsheet’ tool, wants to replicate the vibe coding trend for data analysts
IoT cybersecurity concept image showing a digitized padlock sitting on a blue circuit board atop network traffic.
Law enforcement needs to fight fire with fire on AI threats
Marketing concept image showing megaphones.
Marketing talent brain drain could stunt channel partner success
Containerization concept image showing digital containers aligned together with glowing data transfers between.
Enterprise automation gains are being hampered by surging ‘data divides’
Female developer carrying out software security flaw remediation tasks on desktop computer in dimly-lit room with two monitors.
Red teaming comes to the fore as devs tackle AI application flaws