Robinhood, a mobile stock trading service, suffered a data breach affecting over 7 million people.
"No Social Security numbers, bank account numbers, or debit card numbers were compromised, and we do not expect any financial loss to our customers as a result of this incident," Robinhood said in a blog post yesterday (November 8).
"The unauthorized access included email addresses for approximately 5 million people and a list of full names for approximately 2 million people."
However, the company said that "for a more limited number of people (approximately 310 in total), additional personal information was exposed, including names, birthdates, and zip codes, and for approximately 10 customer subset, more extensive account details were revealed."
He added.
Robinhood said it is "in the process of making appropriate disclosures to those affected." (The Record had a screenshot of one such message sent to a customer whose email address was made public.) He did not mention whether users' passwords were leaked.
If you have a Robinhood account, you may want to change your account password ASAP, just in case. According to the company's blog post, you can change it by going to "Help Center > My Account and Login > Account Security."
Your new password should be unique, strong, and something you have never used before. If you have trouble keeping track of all your passwords, use one of the best password managers available.
According to Robinhood, on November 3, someone called customer support and successfully convinced the support representative to allow the caller access to the internal system, support representative and convinced the support representative to allow the caller access to the company's internal systems.
The 5 million customers whose email addresses were compromised should be aware of a possible increase in spam emails, especially phishing emails that appear to have come from Robinhood itself.
"If in doubt, log in to see a message from Robinhood. We never include links to access your account in our security warnings."
But for the approximately 300 people whose full name, date of birth, and zip code were leaked, the situation may be worse. The full name and date of birth would give identity thieves a head start, and the zip code would help credit card thieves use the stolen numbers.
For the 10 or so people whose more information was revealed, Robinhood has not said exactly what was stolen, so we can only assume the worst. In that case, you might want to consider signing up for the best identity theft protection service that Robinhood should pay for.
Comments