Robinhood data breach nightmare hinged on customer service slip


A company statement said the Nov 3 breach hinged on a phone call where the hacker duped a customer support staffer. It didn’t provide details on how exactly the culprit gained entry. — AFP

Robinhood Markets Inc caught criticism last year for its shortcomings in customer support. After racing to staff up, the company has a new problem: a customer service representative mishap allowed a hacker to steal the personal information of about seven million users.

The Menlo Park, California-based brokerage app is reeling from the largest hack in its history, which compromised private details of about one-third of its users. A company statement said the Nov 3 breach hinged on a phone call where the hacker duped a customer support staffer. It didn’t provide details on how exactly the culprit gained entry.

The intruder made off with email addresses of about five million Robinhood users, as well as full names for a separate group of about two million, and demanded an extortion payment. For some customers, even more personal data was exposed, including names, birth dates and ZIP codes of about 310 people, and more extensive information belonging to a group of about 10.

“Financial services firms are huge targets because there are always new customers coming: a refresh of identities, a refresh of credentials,” said Bob Rudis, chief data scientist at the cybersecurity firm Rapid7 Inc. “Everyone talks about ransomware, but credentials and identities are still things being sold on the dark web and criminal forums. It’s very valuable data.”

The episode is unfolding as Robinhood works to convince users and watchful regulators that it can live up to the “safety first” mantra its executives often repeat. The high-profile breach shows that the path remains fraught as Robinhood expands rapidly. It also comes as a blow to the brokerage at a moment when it’s angling to get users to entrust more of their financial lives to the app. Robinhood has a waitlist for cryptocurrency wallets, and plans to offer other products including retirement accounts in the future.

Robinhood said it believes that no Social Security, bank account or debit-card numbers were exposed in the hack and that no customers incurred financial losses. It said it contained the breach, notified law enforcement and enlisted security firm Mandiant Inc. to investigate.

Shares of Robinhood fell 3% to US$36.85 (RM152.91) at 10.24am in New York.

Mandiant chief technology officer Charles Carmakal said Robinhood “conducted a thorough investigation to assess the impact” and that his firm expects the intruder to continue to target and extort other organisations over the next several months.

In a separate episode last year, almost 2,000 Robinhood accounts were compromised in a hacking spree, where customer accounts were looted. Some complained there was no one available to call.

The firm, which helped popularise free trading, went on a hiring binge for customer-service staff, more than tripling the size of that team in 2020. The brokerage opened offices in Arizona, Texas and Colorado as part of its expansion. It unveiled round-the-clock phone support last month. – Bloomberg
