Email addresses of 7 million users of stock app company Robinhood sold on hacker forum: The culprit is pompompurin


Some 7 million Robinhood customers’ data stolen in a data breach are being sold on hacking forums and marketplaces.

Stock app company Robinhood discloses security breach and extortion

Robinhood has announced that one of its employees was hacked and that the attacker used that account to access the information of about 7 million users through its customer support system.

The data stolen in this attack includes the following personal information of Robinhood users.

  • Email addresses for 5 million customers
  • Full names for 2 million other customers
  • Name, date of birth, and zip code for about 310 customers
  • More detailed account information for 10 customers

Robinhood said that in addition to stealing the data, the hackers tried to extort the company to prevent the data from being released.

Stolen email addresses are particularly popular among threat actors, especially those related to financial services, because they can be used in targeted phishing attacks to steal more sensitive data.

Stolen Robinhood data was sold on hacking forum

Two days after Robinhood went public with the attack, an actor using the name “pompompurin” announced on a hacking forum that they would be selling the data.

pompompurin said in a forum post that he would sell the stolen information of 7 million Robinhood customers for at least five figures (over $10,000).

The data offered for sale included the 5 million email addresses and, for a separate batch of 2 million Robinhood customers, their email addresses and full names. However, pompompurin said he would not sell the data of the roughly 310 customers whose more sensitive information was stolen, which included identifying images (ID documents) for some of them.

Robinhood did not initially disclose the theft of these identifying images, saying that the attackers downloaded them from SendSafely, a secure file transfer service the trading platform uses to meet its Know Your Customer (KYC) verification requirements.

As we disclosed on November 8, we experienced a data security incident in which approximately 10 of our customers had their more extensive personal and account details revealed.

The more extensive account details included identifying images of some of these 10 people. Like other financial services companies, we collect and retain identifying images of some of our customers as part of our regulatory customer verification requirements.

pompompurin said he gained access to Robinhood’s customer support system after tricking a help desk employee into installing remote access software on the employee’s computer.

Once remote access software is installed on a device, a threat actor can monitor the user’s activity, take screenshots, and control the computer remotely. While remotely controlling the device, the attacker could also use login credentials saved by the employee to log in to the same Robinhood internal systems the employee was accessing.

I was able to see all the account info of people. I was able to see some people’s account information while the support agent was working

As evidence of the attack, pompompurin posted screenshots of himself accessing Robinhood’s internal systems.

These screenshots included an internal help desk system used to look up Robinhood member information by email address, an internal knowledge base page about the “Project Oliver Twister” initiative designed to protect high-risk customers, and an “annotations” page showing notes for specific customers.

Possibly the same group involved in the recent FBI hack

pompompurin has also claimed responsibility for the recent abuse of an FBI email server to send fake threatening emails.

FBI’s official email server hacked and used to send fake threatening letters: breach route unknown

U.S. companies began receiving emails sent from the FBI’s infrastructure, warning recipients that their “virtualization clusters” were being targeted in a “sophisticated” manner.
