An attack launched against Robinhood allowed the attacker to obtain the email addresses of 5 million individuals, along with the full names of some people. A smaller subset, number just over 300, also had their zip code and DoB stolen. Robinhood, per their official statement, does not believe that any banking/payment details or social security numbers were taken as part of the attack and that they are not aware of any financial loss suffered by their customers.
The initial details indicate that the attackers gained access to Robinhood’s systems by posing as a member of Robinhood’s Customer Service group, which allowed them to gain access to support systems. Once they had this access, they exfiltrated the aforementioned information and attempted to extort Robinhood to stop the release of that information. When Robinhood reported the attack to the authorities, it appears that the stolen information was then released.
