Robinhood's 7 million users' data stolen via phone call
Robinhood announced a data breach that exposed the information of about 7 million users after an employee gave a hacker access to internal systems. Social engineering techniques were at work.
The security breach occurred on November 3, when a certain person simply called the investment app's customer service desk. The caller then tricked a Robinhood employee into giving him access to important user information, and he managed to get the emails of about 5 million people and the full names of about 2 million more.
That's bad enough on its own, but it got even worse from there. Robinhood also reports that the data of about 310 people has been exposed to even more, including their names, dates of birth and zip codes. Ten of those customers had even more details about their accounts disclosed, but Robinhood is silent on exactly what information was obtained by the attacker.
Fortunately for most customers, Robinhood claims that no Social Security numbers, bank account numbers or credit card numbers were among the stolen information.
Credit must be given to the social engineering skills of the unknown attacker. Most people assume that a person trying to gain access to users' private data would probably not think to call a publicly available customer service number.