Recently, the online stock trading platform Robinhood announced that it was hacked, with between five and seven million email addresses and two million names being leaked, along with some smaller and more specific data from its customers. According to a blog post from the platform, a malicious hacker had successfully socially engineered a customer service employee on the phone and managed to get access to the platform’s customer support system. After that, the hacker was able to get the names and email addresses of numerous customers, as well as the full names, dates of birth, and ZIP codes of over 300 other customers.
The company hasn’t disclosed the specific information that the hacker was able to access, saying only that more extensive details were revealed. However, that’s precisely the type of information that malicious attackers can use for future attacks against victims. Those attacks range from sending phishing emails to causing financial harm to the customers. Robinhood also stated that after the systems had been secured, the hacker started demanding an extortion payment, but that instead of paying off the hacker, the company decided to notify its security firm as well as law enforcement about the breach.
This attack is similar to the one that Twitter suffered last year, when a teenager used social engineering strategies to convince some Twitter employees that he was also an employee. The strategy allowed the teen to access the platform’s internal administrator tool, which he used to take over some of the high-profile accounts on Twitter. He then used those accounts to spread a cryptocurrency scam to their audiences. That attack managed to net the hacker about $100,000 in cryptocurrency, and in the aftermath, Twitter decided to introduce security keys for its employees to improve its defenses against hackers.





