The attack against RobinHood's networks occurred on November 3 ^rd .

It happened after an unidentified threat actor called the company's customer support line and utilized some in-person social engineering techniques to gain access to the customer support system.

This threat actor was able to access a wide range of customer information including:

Based on the company's disclosure statement the attacker was able to exfiltrate more than 5 million email addresses, the full name of some two million customers, birth dates, and zip codes for about 300 people. Even more extensive account information was taken for around 10 people.

An investigation into the matter is ongoing at this point. The company does not believe any customer social security numbers, bank account numbers, or debit card numbers were exposed.

On the heels of the attack RobinHood received an extortion demand. The company has declined to make the details of the demand public but the nature of the threat was that unless the company paid a ransom in BitCoin the stolen information would be released to the public.

If you use the platform out of an abundance of caution you should change your password immediately. Be on the lookout for phishing emails sent to the address you used when you signed up on RobinHood in case the attacker tries to contact you to steal other credentials.

Finally if you haven't already done so the company recommends two-factor authentication as soon as possible. If you need to contact the company for support from inside the RobinHood app simply tap "Account  Help  Contact Us."

Used with permission from Article Aggregator