US share-trading app Robinhood has been hit by a security breach that has exposed the names or email addresses of more than seven million people.
The company said that an “unauthorized third party obtained access to a limited amount of personal information for a portion of our customers.”
Robinhood has received criticism for untimely outages and trade restrictions amid market volatility, and has been charged by regulators for misleading customers, resulting in significant fines.
Read more: What Causes My Social Security Direct Deposit To Be Late?
Robinhood also said a much smaller group of about 310 people had much more information exposed – including names, dates of birth, and US zip codes.
A further 10 or so had “more extensive account details revealed”, it said.
Robinhood is available only to US users and requires them to be over 18, provide a valid social security number, and a valid US address. It is that sensitive information which the company says was not exposed.
Read more: The Feds Put Up $10 million For Anyone With Key Information About DarkSide Ransomware Group
“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems,” Robinhood’s blog post wrote.
“At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.”
“We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed.
Read more: Scammers use Google Ads to siphon off hundreds of thousands of dollars from fake crypto wallets
We are in the process of making appropriate disclosures to affected people.”
Robinhood has enlisted Mandiant, a security firm that offers dynamic cyber defense and response services including extortion attempts, to assist in the recovery.
Robinhood maintains that there has been no financial loss affiliated with the hack. As of now, the company believes the attack has been “contained” and no Social Security numbers, bank account numbers, or debit card numbers have been stolen.
Stay updated with more news here at the East County Gazette.