The cyberattacker attempted to extort the company after socially engineering a customer service employee to gain access to email addresses and more.
Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers – roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers.
The trading platform, which found itself in the middle of the infamous GameStop stock price run-up in January, acknowledged that the breach was a result of a system compromise that occurred on Nov. 3. The company said that the adversary was able to target an employee to gain access to sensitive company systems. After that, the perpetrator attempted to extort the company, demanding payment in return for not releasing the stolen data.
“The unauthorized party socially engineered a customer-support employee by phone and obtained access to certain customer support systems,” Robinhood said Monday in a statement. It added, “After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading