Robinhood revealed that on November 3rd it suffered a security breach. This exposed data from as many as 7,000,000 users, or about a third of its user base. According to the financial services company, the bad actor obtained email addresses for 5 million people as well as the names of approximately 2 million customers. The intruder also managed to access additional information about 310 users, including name, birth date, and zip code. Ten of those 310 customers had more extensive account information exposed.
Robinhood stated that no Social Security numbers, bank account numbers, or debit card numbers were compromised in the incident. However, it is still making appropriate disclosures to affected customers. Users can make free stock and crypto trades through the company. After gaining access to the data, the attacker demanded payment and made an unspecified threat about what they would do with the information if they were not paid.
A Robinhood spokeswoman told Bloomberg it was not a ransomware attack, but declined to disclose whether the company had paid up and how much. The company did state that it had informed law enforcement about the breach, and that Mandiant was investigating it. Charles Carmakal (CTO of Mandiant) told Bloomberg that this breach could be just the beginning of many more. The firm apparently expects the attacker will target other organizations and companies in the coming months.