SECURITY
Robinhood Markets Inc. has suffered a data breach, with the details of about 7 million customers stolen.
The company said in a blog post that the “data security incident” was detected on Nov. 3 and involved an unauthorized third party obtaining access to personal information for a portion of customers. While not providing specific details, Robinhood said that the attack vector involved the third party socially engineering a customer support employee by phone and obtaining access to certain customer support systems.
With access gained through social engineering, the third party then obtained the email addresses of about 5 million Robinhood customers and 2 million full names for a different group. The details of a small number of people, about 310 in total, were also compromised, with names, dates of birth and zip codes exposed. About 10 of those customers also had more extensive account details revealed.
The person behind the theft of the data demanded payment not to release the stolen information. Robinhood said that it had contacted law enforcement and was working with Mandiant Inc. to investigate the incident.
Robinhood being hacked in any form makes this a notable story, but it takes an interesting twist with social engineering. A typical social engineering attack consists of a cybercriminal psychologically manipulating a victim into performing actions or divulging information.
Sometimes that might be pretending to be a senior company employee. This social engineering attack targeted Robinhood’s customer support by phone. The company’s customer support was expanded only recently, with Robinhood mentioning its deployment of 24/7 customer support in its most recent earnings report.
“Social engineering continues to play a significant role in spreading malware and ransomware as well as in breaches such as this one,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “The bad actors behind these attacks are often highly-skilled and very convincing when they get a potential victim on the line.”
Unfortunately, he added, technology is not good at stopping these attacks, so the best defense against these attempts is education and training. “Employees should be trained to spot and report social engineering and phishing attacks using short, focused training modules and organizations should have a policy telling employees how to report these attacks,” Kron advised.