
Robinhood app hacked

Popular stock market and cryptocurrency trading platform Robinhood recently admitted it had suffered a data breach. Five million Robinhood users had their email addresses exposed, with another two million users having their full names revealed.

How did the Robinhood data breach occur?

The breach, which occurred in early November, saw a hacker contact a Robinhood customer support employee and dupe them into providing access details for some of its customer support systems.

Following the data breach, Robinhood wrote in a blog post on its website: “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.”

According to Robinhood, “several thousand entries” in the hacked data also included telephone numbers.

Worryingly, Robinhood also disclosed: “We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed.”

Next steps for Robinhood

It is known that the hacker behind the attack has issued an extortion demand to Robinhood, presumably to prevent the data from being leaked onto the dark web. Robinhood didn’t disclose whether it had paid anything to the hacker. The company did say it had informed law enforcement authorities and has hired cybersecurity incident response experts Mandiant to investigate the incident.

Robinhood has notified all affected account holders and has sent warnings to guard against phishing attacks, where hackers may send emails posing as Robinhood to gain access to accounts and cash.

Robinhood’s advice to users reads: “If you are a customer looking for information on how to keep your account secure, please visit Help Center > My Account & Login > Account Security. When in doubt, log in to view messages from Robinhood—we’ll never include a link to access your account in a security alert.”

What to do if you’re affected by the Robinhood data breach

If you have been affected by the Robinhood data breach, you will already have received advice on securing your account.

If you haven’t yet taken action, ensure you do so at the earliest opportunity, including:

  • Setting a hard-to-crack password, ideally generated by a password generator
  • Setting up two-factor authentication for your account
  • Changing any passwords that were the same as your Robinhood account password

Although passwords weren’t compromised, if hackers manage to guess your password, they’ll try your email and password combination on other websites.

