Robinhood, the American fintech platform, announced that on 3 November it had been the victim of a data breach in which the email addresses of about 5 million of its customers were exposed, along with the full names of a further 2 million users of the app. Hackers on the dark web accused the platform of underplaying the breach, claiming that the attack had also exposed the identities of some of its members. Robinhood confirmed that a smaller group of around 310 users had their names, dates of birth and postal codes stolen, but said it did not believe that the most sensitive information it holds, US social security numbers and financial data, had been exposed. In a statement to BBC News, Robinhood said that the breach affected

“…a limited amount of personal information for a portion of our customers.”

Robinhood also confirmed that there had been no financial loss of any kind to any of its customers following the incident.


Robinhood should not be confused with its namesake English folklore hero, Maid Marian’s sweetheart. The financial technology company, based in California, launched its online stocks and shares trading app in 2015 and also lets investors trade cryptocurrencies. Robinhood is only available to residents of the United States, and in July the company went public at $38 a share, giving it a valuation of $32 billion. While the platform is commission-free, it faces stiff competition from other discount brokerages, new and established fintech companies, banks, cryptocurrency exchanges, asset management firms and technology platforms. Robinhood makes its money from payment for order flow, premium membership fees, stock loans, interest on uninvested cash and fees related to its debit card.


Back to the breach. Robinhood reported that the attack on 3 November was the result of a social engineering ploy. The attacker phoned the platform’s customer support service and, with a convincing pretext, persuaded an employee to provide:

“…access to certain customer support systems.”

In this way the attacker, working through the support employee’s access, was able to reach the personal information of millions of Robinhood customers. The company also confirmed that, after the intrusion had been contained, the attacker demanded an extortion payment. This was a data-theft extortion, not a ransomware infection: no systems were encrypted, and the leverage was the stolen data itself.


Wisely, Robinhood did not give in to the extortion demand and refused to pay. The platform notified the relevant law enforcement agencies and hired the security firm Mandiant to investigate the incident. Mandiant also investigated the SolarWinds supply chain attack uncovered in December 2020 and the Colonial Pipeline ransomware attack in May this year. Robinhood’s chief security officer, Caleb Sima, said in a published statement:

“We owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”


With the appropriate cybersecurity awareness and training, the Robinhood hack could very likely have been avoided. As in most incidents, it is human error or a lack of thorough training that ultimately lets an attack succeed, whatever form it takes. With more than 20 years of experience in professional business IT, cybersecurity and IT systems management, I can help to ensure that you or your company never fall foul of a ransomware or extortion attack. My specialties are cybersecurity training and risk mitigation, along with expertise in managed services, bespoke apps, data protection and backup. Contact me today and get world-class cybersecurity training and ongoing support for you and your employees. Remember, it’s always better to fix something before it breaks. Fix it now.