Shares of Robinhood (NASDAQ: HOOD) were sent into a nosedive Wednesday afternoon, after reports emerged that a security breach on the trading app days earlier compromised a lot more sensitive information than previously thought.
It appears that the hackers behind Robinhood’s data security incident from days ago actually gained access to significantly more sensitive information than just users’ names and email addresses. According to Vice, which cited an unknown source said to be a “proxy” for the hackers, the internal customer support tools obtained in the attack opened access for the hackers to tamper with customers’ accounts, including the removal of multi-factor authentication controls, adding “trusted” devices onto the accounts, and even blocking users from accessing their accounts.
Vice received screenshots depicting some of the sensitive information the hackers had access to, including telephone numbers— something that Robinhood previously failed to announce. Although the information presented in the screenshots was heavily redacted, it also shows that hackers were able to view users’ IP addresses, trusted devices, and balances including net cash and buying power.
On Wednesday, Robinhood confirmed that a subset of 10 out of the 5 million customers whose data was compromised in the security breach had significantly more information exposed via the internal control tool. Vice also reported that the hackers are advertising access to Robinhood’s stolen data on an underground forum.
Information for this briefing was found via Vice. The author has no securities or affiliations related to this organization. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.
