A famous hacking forum and marketplace is selling the personal information of about 7 million Robinhood users who were exposed in a recent data breach.
Last week, Robinhood announced a data breach after one of its employees was compromised, and the attacker utilized their account to gain access to the personal data of around 7 million customers via customer support systems.
“Late in the evening of November 3, we experienced a data security incident. An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers. Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.
“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems. At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.
“We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people.”
Robinhood is an American financial services firm based in Menlo Park, California. It is best known for offering commission-free stock, ETF, and cryptocurrency trading via a mobile app launched in March 2015.
Private Data Belonging to Robinhood Sold Online
Following the Robinhood data breach disclosure, a cybercriminal known as “pompompurin” posted on a hacking forum that the stolen information was available for sale.
The threat actor declared that he was selling stolen data belonging to Robinhood customers for at least five figures, which is $10,000 or more.
The company did not reveal the theft of ID cards at first, and the attacker claims to have downloaded them from…