18 November 2021

Robinhood says ‘several thousand’ phone numbers also stolen in recent data breach


Robinhood says ‘several thousand’ phone numbers also stolen in recent data breach

Mobile stock trading platform Robinhood has confirmed that information stolen by hackers in the recent data security incident also included thousands of phone numbers. Initially, the company claimed that the hackers obtained access to a limited amount of its customers’ personal information.

Earlier this month, Robinhood disclosed a data breach that exposed names and email addresses of nearly 7 million customers, as well as “extensive account details” of a small portion of its users. Additionally, 310 customers had more details like zip codes and dates of birth stolen, while 10 customers had “more extensive account details revealed.” The company had not mentioned that the intruder obtained phone numbers in its original disclosure statement. It did, however, say that a hacker obtained access to certain customer support service by tricking a customer support employee using social engineering techniques, and that they “demanded an extortion payment.”

Although the company did not reveal how many phone numbers were stolen, according to Motherboard, the amount of impacted phone numbers is around 4,400.

Motherboard said that it obtained a copy of the stolen phone numbers from “a proxy for the hackers.” When asked if the numbers belonged to Robinhood customers, the company told the outlet that “We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze.”

According to BleepingComputer, a few days after Robinhood disclosed the security breach, the data for nearly 7 million of its customers was offered for sale on a hacker forum. In a forum post, the seller who goes online as “pompompurin”, said he was selling 7 million Robinhood customers' stolen information for at least five figures, which is $10,000 or higher.


Back to the list

Latest Posts

Amid Pegasus scandal, Israel bans cyber software sales to 65 countries

Amid Pegasus scandal, Israel bans cyber software sales to 65 countries

Dropped countries include such countries as Morocco, Mexico, Saudi Arabia, or the UAE.
26 November 2021
CronRAT: New Linux malware that hides behind February 31 to stay undetected

CronRAT: New Linux malware that hides behind February 31 to stay undetected

The malware hides in the Linux calendar system and enables server-side Magecart data theft which bypasses browser-based security solutions.
26 November 2021
New malware campaign targets crypto, NFT and DeFi communities via Discord

New malware campaign targets crypto, NFT and DeFi communities via Discord

The Babadeda crypter is able to bypass signature-based antivirus solutions and was previously observed in malicious campaigns distributing RATs, and LockBit ransomware.
26 November 2021