On Wednesday, November 3, Robinhood, the popular stock trading app, became the victim of a huge data breach, with 7 million customers expected to have had their information stolen.
A scammer reportedly gained access to Robinhood’s customer support systems after successfully social engineering an employee. The unauthorized party was able to obtain:
- Email addresses (~5 million)
- Full names (~2 million)
- Additional personal information, including date of birth, name, and zip codes (~310)
- About 10 of these people also had more extensive account information stolen.
Robinhood claims that no Social Security numbers, bank account numbers, or debit card numbers were exposed, and no customers lost any money. After the breach was contained, the scammer tried to extort Robinhood, demanding money.
The company has engaged law enforcement and the security firm Mandiant, which is currently investigating the incident.
Caleb Sima, Robinhood Chief Security Officer: "As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."
Are You a Robinhood User? What You Need to Know
Although the scammer stole only minimal information (emails and names) from most people, you must stay on the lookout for other scams resulting from this data breach.
With your email and full name, scammers can:
- Send you emails impersonating Robinhood or other legitimate companies in an attempt to steal more of your information or your money
- Send you emails containing malware or other malicious attachments
- Call you (after finding your phone number) and impersonate genuine companies to trick you into giving them your information or money
Additionally, if you were one of the unlucky people who had more than just your name and email address stolen, you could have your identity stolen, which can take years to recover from.
Luckily, Robinhood states that Social Security numbers were not stolen, minimizing your risk of identity theft. However, you still need to watch for scams and monitor your accounts for suspicious activity.
Security Checklist for Robinhood Users
- Enable 2-factor authentication for your Robinhood account. This adds a second check at login, so a stolen username and password alone are not enough to access your account.
- Change your Robinhood password. Although Robinhood states that the scammer did not steal passwords, you should change your password to be safe.
- Monitor your email, Robinhood account, and connected bank accounts for suspicious activity.
- Don’t open emails that look suspicious, and look for red flags of scam emails before clicking on any links or opening attachments.
- Don’t download attachments in emails from people you don’t know.
- Monitor your credit report, checking for any accounts that don’t look right.
- Don't give out any personal information to anyone over the phone, via email, or via social media (even if they claim to be from Robinhood or another trusted company).