By Gideon Adonai
US-based cryptocurrency exchange, Robinhood, has announced a security incident occurring from hacking.
This was made known in a blog post seen by AF24news.
The company said an unauthorised third party obtained access to a limited amount of personal information for a portion of its customers.
Investigations revealed that the attack has been contained and the company believes that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.
The incident took place late in the evening of November 3, according to Robinhood.
The unauthorised party socially engineered a customer support employee by phone and obtained access to certain customer support systems.
Robinhood said: “At this time, we understand that the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.
“We also believe that for a more limited number of people – approximately 310 in total – additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people.
“After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”
“As a safety first company, we owe it to our customers to be transparent and act with integrity,” said Robinhood Chief Security Officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”