Robinhood, a mobile stock trading application, revealed on Tuesday that phone numbers and other personal information were also taken in the latest data breach.
“We previously disclosed that, based on our investigation, the unauthorized party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people. We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze,” Robinhood revealed in an update yesterday.
Hackers penetrated Robinhood’s servers in early November after employing social engineering to deceive an employee into granting them access to customer support systems. The business first stated that the attacker had gotten access to five million customers’ email addresses and two million users’ full names. For about 310 people, more personal information such as name, date of birth, and zip code was exposed. There were ten of them, with “more complete account data” disclosed.
According to Robinhood, several thousand entries on the list have phone numbers, and the file also contains other text entries that they’re still looking into. Vice’s Motherboard, which reported the news about the phone numbers being made public, found from a source that the list contains around 4,400 phone numbers.
While the investigation is still ongoing, Robinhood stated that it had discovered no indication that more sensitive data such as social security numbers, bank account numbers, or payment card numbers were hacked, nor that any customers have lost money due to the event.
An individual who previously claimed responsibility for sending 100,000 fraudulent emails from an FBI email account has offered to sell data supposedly stolen from Robinhood. However, it’s unclear if they were involved in the hack or if the data being sold is legitimate. When Robinhood revealed the event, it stated that the hacker requested an extortion payment, implying that the attack was executed with the intent of making money.
