Robinhood has announced that its popular app has suffered from a data breach that has exposed millions of email addresses, names, and more sensitive information. On Monday, Robinhood released a statement confirming that it discovered the incident on the evening of November 3, explaining that it had detected an unauthorized third party managed to obtain users’ personal information. The company confirmed that no Social Security numbers, bank account numbers, and debit card numbers have been exposed in the breach. The customers affected by the breach have been emailed.
The unauthorized third party allegedly socially engineered a customer support employee by phone and obtained access to the customer support system. Roughly five million people’s email addresses were exposed and another group of two million had additional information exposed. For a limited number of people, additional personal information including name, date of birth, and zip code was exposed. Robinhood stated that the cybercriminal attacking its customers demanded an extortion payment. Robinhood claims that they did not pay the ransom, and instead contacted law enforcement and hired cybersecurity firm Mandiant.
Read More: Robinhood breach leaks information of 7 million people
