Hacker steals customer e-mails from Robinhood
Robinhood on Monday warned users that a hacker talked their way past the stock-trading app's defenses, stealing millions of user e-mail addresses and more.
The culprit called customer support and, pretending to be an authorized party, duped a Robinhood employee into providing access to the customer support computer system, a hacker technique referred to as "social engineering," the company said in a blog post.
After stealing information from Robinhood, the hacker tried to extort payment from the company, which opted to alert police and warn users about the breach, it said.
"We owe it to our customers to be transparent and act with integrity," Robinhood chief security officer Caleb Sima said in the post.
"Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."
The breach took place late on November 3, with the hacker snatching about 5 million e-mail addresses for Robinhood users, along with the names of about 2 million other members of the investment service.
Robinhood said it also appeared that the hacker got hold of names, birth dates and zip codes associated with 310 users, plus additional details about some of those people.
"The attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers," it said.
Hackers could use the stolen information to try to trick Robinhood members with ruses such as "phishing" e-mails that pretend to come from the company.