A couple of weeks ago a hacker managed to infiltrate Robinhood's network and access email addresses and full names for millions of customers. The person who is purportedly responsible has now listed the stolen data for sale on a popular underground forum where they are seeking a payday of at least five figures ($10,000 or more).
Robinhood publicly disclosed the breach on November 8, saying it experienced a "data security incident" late in the evening of November 3. Fortunately, the stock trading service said it found no evidence that Social Security numbers, bank account numbers, or debit card numbers were compromised, nor was there anything to suggest any loss of finances as a result of the breach.
What happened is a hacker "socially engineered a customer support employee by phone" to gain access to some of Robinhood's support systems. Once inside, the hacker pilfered a list of email addresses for around five million people, full names for two million people, personal information for a few hundred customers, and more extensive account details for ten people.
Almost all of that data is now being sold on a hacking forum. In the post, the person claiming responsibility says, "Minimum I'm look for is 5 figures. Don't message me if you're going to offer less."
They also claim to have received "quite a lot of messages" for the stolen data. For whatever reason, personal details for 310 Robinhood customers are not included—maybe that will be offered separately, or the hacker has a shred of morals and is only looking to sell email addresses, not names and physical addresses.
Perhaps the most interesting aspect of all this is how exactly the hacker managed to pull off a sort of phishing attack against a Robinhood employee over the phone rather than email. The hacker told BleepingComputer they tricked the employee into installing remote access software, which allowed them to view and record login details.
Another interesting note is that this hacker, who goes by pompompurin, is the same person who breached the FBI last weekend and then proceeded to send out fake cybersecurity emails.