Robinhood hack exposes data from millions of customers
An attacker socially engineered an employee at the stock-trading platform to gain access to customer support systems


Robinhood has revealed that an unauthorised third party has gained access to millions of customers’ data, adding to the company’s troublesome 2021.
The stock-trading platform said in a blog post that on 3 November a hacker socially engineered a customer support employee by phone and obtained access to certain customer support systems. The company said the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of two million people.
Robinhood added that for around 310 people, personal information like name, date of birth, and zip code were exposed, with a subset of around 10 customers having more extensive account details revealed, although it did not disclose what these details were.
Following the breach, the unauthorised party demanded an extortion payment, said the company, which informed law enforcement and is continuing to investigate the incident with the help of an outside security firm.
Robinhood is also in the process of making disclosures to those affected but believes that no social security numbers, bank account numbers, or debit card numbers were exposed. There has been no financial loss to any customers as a result of the incident.
RELATED RESOURCE
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID world
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood chief security officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
2021 has been a tricky year for Robinhood, which was summoned to a Congressional hearing in February after the company’s app facilitated a January GameStop squeeze. It was instigated by the subreddit r/WallStreetBets and the platform decided to halt trade on popular stocks, as reported by The Verge.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
In July, the company had the worst debut ever for an IPO of its size, according to Bloomberg. Shares in the broker fell 8.4% below the IPO price in the company’s first trading session, the worst debut among 51 US firms that raised as much cash as Robinhood or more.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
Troy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
By Jane McCallion Published
-
LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to know
News Cyber criminals are flocking to LinkedIn to conduct social engineering campaigns, research shows.
By Solomon Klappholz Published
-
Phishing campaign targets developers with fake CrowdStrike job offers
News Victims are drawn in with the promise of an interview for a junior developer role at CrowdStrike
By Solomon Klappholz Published
-
Iranian hackers targeted nuclear expert, ported Windows infection chain to Mac in a week
News Fresh research demonstrates the sophistication and capability of state-sponsored threat actors to compromise diverse targets
By Richard Speed Published
-
Malware being pushed to businesses by search engines remains a pervasive threat
News High-profile malvertising campaigns in recent months have surged
By Ross Kelly Published
-
CISA: Phishing campaign targeting US federal agencies went undetected for months
News Threat actors used legitimate remote access software to maliciously target federal employees
By Rory Bathgate Published
-
Google Ads malvertising campaign prompts questions around Search security
News A leading security researcher has called into question why Google still allows malware links to top search results
By Rory Bathgate Published
-
Uber hacked via basic smishing attack
News The self-taught hacker impersonated an IT worker to gain an Uber employee's password, obtaining broad access to internal systems and posting taunting messages
By Rory Bathgate Published