Mobile stock trading platform Robinhood has confirmed that information stolen by hackers in the recent data security incident also included thousands of phone numbers. Initially, the company claimed that the hackers obtained access to a limited amount of its customers’ personal information.
Earlier this month, Robinhood disclosed a data breach that exposed names and email addresses of nearly 7 million customers, as well as “extensive account details” of a small portion of its users. Additionally, 310 customers had more details like zip codes and dates of birth stolen, while 10 customers had “more extensive account details revealed.” The company had not mentioned that the intruder obtained phone numbers in its original disclosure statement. It did, however, say that a hacker obtained access to certain customer support service by tricking a customer support employee using social engineering techniques, and that they “demanded an extortion payment.”
Although the company did not reveal how many phone numbers were stolen, according to Motherboard, the amount of impacted phone numbers is around 4,400.
Motherboard said that it obtained a copy of the stolen phone numbers from “a proxy for the hackers.” When asked if the numbers belonged to Robinhood customers, the company told the outlet that “We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze.”
According to BleepingComputer, a few days after Robinhood disclosed the security breach, the data for nearly 7 million of its customers was offered for sale on a hacker forum. In a forum post, the seller who goes online as “pompompurin”, said he was selling 7 million Robinhood customers' stolen information for at least five figures, which is $10,000 or higher.