Robinhood Security Breach Affected 7 Million Users

Trading app Robinhood reported today that a security breach resulted in attackers gaining access to user information.

Millions of Users Affected

According to Robinhood, attackers obtained the email addresses of 5 million users and the full names of another 2 million people.

Furthermore, 310 people had additional information stolen, including their name, date of birth, and zip code. 10 of those customers had “more extensive account details revealed.” The company says that no financial information—such as SSNs, bank account numbers, or debit card numbers—was stolen. Furthermore, no customers experienced financial loss.

Robinhood added that the attacker responsible demanded an extortion payment to prevent the information from leaking, but did not say whether it complied with those demands. The company says that it informed legal authorities of the incident and that security firm Mandiant is carrying out an investigation. Robinhood reports that the incident happened late during the evening of Wednesday, Nov. 3 but did not give an exact time.

Other Companies Have Been Targeted

Various other crypto companies have seen less severe data leaks following the same pattern. In late October, CoinMarketCap leaked the email addresses of approximately 3 million users.

Other companies that have suffered similar attacks include Celsius, Ledger, and BitMEX. Though those companies did not necessarily disclose the extent of each attack, each company has roughly 1 to 3 million users, making those attacks smaller by default.

The larger scale of this week’s attack is likely due to Robinhood’s comparatively mainstream appeal. Robinhood is not merely a cryptocurrency app, but rather a retail stock trading app with secondary crypto features.

Robinhood has approximately 31 million users, meaning that the attack affected just under a quarter of its user base.

Disclaimer: At the time of writing this author held less than $100 of Bitcoin, Ethereum, and altcoins.

Read More