Robinhood warned users Monday that a hacker bypassed the stock trading app’s defenses and stole millions of user email addresses and more.
The perpetrator called customer support pretending to be an authorized party and tricked a Robinhood employee into granting access to the customer support computer system, a hacking technique known as “social engineering,” the company said in a blog post.
After stealing information from Robinhood, the hacker attempted to extort payments from the company, which chose to alert the police and warn users of the breach, the post said.
“We owe it to our customers to be transparent and act with integrity,” said Caleb Sima, Robinhood’s chief security officer.
“After a careful review, it is right now to bring this incident to the attention of the entire Robinhood community.”
The attack took place late on November 3, when the hacker stole about five million Robinhood user email addresses, as well as the names of about two million other members of the securities service, according to the company.
Robinhood said it also appears the hacker obtained the names, dates of birth, and zip codes of 310 users, as well as additional account details of some of those people.
“The attack has been contained and we believe that social security numbers, bank account numbers or debit card numbers have not been disclosed and that no customer has been financially harmed as a result of the incident,” Robinhood said in the post.
Hackers could use the stolen information to target Robinhood members with scams such as “phishing” emails purporting to come from the company.
Robinhood is credited with bringing a generation of new retail investors to the stock market, but the platform is also known for features that critics say can be addictive.
Game-like aspects of Robinhood have also raised concerns that users could overlook the serious financial implications of investing.