threatpost.com
35.173.160.135  Public Scan

URL: https://threatpost.com/robinhood-trading-platform-data-breach/176106/
Submission: On November 09 via api from US — Scanned from DE

Form analysis 4 forms found in the DOM

POST /robinhood-trading-platform-data-breach/176106/#gf_5

<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_5" id="gform_5" action="/robinhood-trading-platform-data-breach/176106/#gf_5">
  <div class="gform_body">
    <ul id="gform_fields_5" class="gform_fields top_label form_sublabel_below description_below">
      <li id="field_5_8" class="gfield field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_8"></label>
        <div class="ginput_container ginput_container_text"><input name="input_8" id="input_5_8" type="text" value="" class="medium" placeholder="Your name" aria-invalid="false"></div>
      </li>
      <li id="field_5_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_1"><span class="gfield_required">*</span></label>
        <div class="ginput_container ginput_container_email">
          <input name="input_1" id="input_5_1" type="text" value="" class="medium" placeholder="Your e-mail address" aria-required="true" aria-invalid="false">
        </div>
      </li>
      <li id="field_5_9" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden"><input name="input_9" id="input_5_9" type="hidden" class="gform_hidden"
          aria-invalid="false" value=""></li>
      <li id="field_5_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label"><span class="gfield_required">*</span></label>
        <div class="ginput_container ginput_container_checkbox">
          <ul class="gfield_checkbox" id="input_5_2">
            <li class="gchoice_5_2_1">
              <input name="input_2.1" type="checkbox" value="I agree" id="choice_5_2_1">
              <label for="choice_5_2_1" id="label_5_2_1">I agree to my personal data being stored and used to receive the newsletter</label>
            </li>
          </ul>
        </div>
      </li>
      <li id="field_5_5" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label"><span class="gfield_required">*</span></label>
        <div class="ginput_container ginput_container_checkbox">
          <ul class="gfield_checkbox" id="input_5_5">
            <li class="gchoice_5_5_1">
              <input name="input_5.1" type="checkbox" value="I agree" id="choice_5_5_1">
              <label for="choice_5_5_1" id="label_5_5_1">I agree to accept information and occasional commercial offers from Threatpost partners</label>
            </li>
          </ul>
        </div>
      </li>
      <li id="field_5_10" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_10">Comments</label>
        <div class="ginput_container"><input name="input_10" id="input_5_10" type="text" value=""></div>
        <div class="gfield_description" id="gfield_description__10">This field is for validation purposes and should be left unchanged.</div>
      </li>
    </ul>
  </div>
  <div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_5" class="gform_button button" value="Subscribe" onclick="if(window[&quot;gf_submitting_5&quot;]){return false;}  window[&quot;gf_submitting_5&quot;]=true;  "
      onkeypress="if( event.keyCode == 13 ){ if(window[&quot;gf_submitting_5&quot;]){return false;} window[&quot;gf_submitting_5&quot;]=true;  jQuery(&quot;#gform_5&quot;).trigger(&quot;submit&quot;,[true]); }" style="display: none;"> <input
      type="hidden" name="gform_ajax" value="form_id=5&amp;title=&amp;description=&amp;tabindex=0">
    <input type="hidden" class="gform_hidden" name="is_submit_5" value="1">
    <input type="hidden" class="gform_hidden" name="gform_submit" value="5">
    <input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
    <input type="hidden" class="gform_hidden" name="state_5" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
    <input type="hidden" class="gform_hidden" name="gform_target_page_number_5" id="gform_target_page_number_5" value="0">
    <input type="hidden" class="gform_hidden" name="gform_source_page_number_5" id="gform_source_page_number_5" value="1">
    <input type="hidden" name="gform_field_values" value="">
  </div>
</form>

GET https://threatpost.com/

<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
  <input type="text" class="c-site-search__field" name="s" placeholder="Search">
  <button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
      <use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
    </svg> Search</button>
  <div class="c-site-search__overlay"></div>
</form>

POST https://threatpost.com/wp-comments-post.php

<form action="https://threatpost.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
  <div class="o-row">
    <div class="o-col-12@md">
      <div class="c-form-element"><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true" placeholder="Write a reply..."></textarea></div>
    </div>
  </div>
  <div class="o-row">
    <div class="o-col-6@md">
      <div class="c-form-element"><input id="author" name="author" placeholder="Your name" type="text" value="" size="30"></div>
    </div>
    <div class="o-col-6@md">
      <div class="c-form-element"><input id="email" name="email" placeholder="Your email" type="text" value="" size="30"></div>
    </div>
    <div class="o-col-12@md">
      <div class="c-form-element c-checkbox-wrapper"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"><label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the
          next time I comment.</label></div>
    </div>
  </div>
  <p class="comment-form-checkbox c-form-element c-checkbox-wrapper"><input type="checkbox" value="1" name="subscribe" id="subscribe"><label for="subscribe">Notify me when new comments are added.</label></p>
  <p class="form-submit"><input name="submit" type="submit" id="submit" class="c-button c-button--primary" value="Send Comment"> <input type="hidden" name="comment_post_ID" value="176106" id="comment_post_ID">
    <input type="hidden" name="comment_parent" id="comment_parent" value="0">
  </p>
  <p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="81407d8cbd"></p><!-- the following input field has been added by the Honeypot Comments plugin to thwart spambots -->
  <input type="hidden" id="R9R63m8nwHtR2f7kdGYtPF2cZ" name="0HLOPcBECmqUz7dgCLhR1E66w">
  <script type="text/javascript">
    document.addEventListener("input", function(event) {
      if (!event.target.closest("#comment")) return;
      var captchaContainer = null;
      captchaContainer = grecaptcha.render("recaptcha-submit-btn-area", {
        "sitekey": "6LfsdrAaAAAAAMVKgei6k0EaDBTgmKv6ZQrG7aEs",
        "theme": "standard"
      });
    });
  </script>
  <script src="https://www.google.com/recaptcha/api.js?hl=en&amp;render=explicit" async="" defer=""></script>
  <div id="recaptcha-submit-btn-area">&nbsp;</div>
  <noscript>
    <style type="text/css">
      #form-submit-save {
        display: none;
      }
    </style>
    <input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment">
  </noscript><textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100" style="display: none !important;"></textarea><input type="hidden" id="ak_js" name="ak_js" value="1636472960337">
</form>

GET https://threatpost.com/

<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
  <input type="text" class="c-site-search__field" name="s" placeholder="Search">
  <button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
      <use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
    </svg> Search</button>
  <div class="c-site-search__overlay"></div>
</form>

Text Content


ROBINHOOD TRADING PLATFORM DATA BREACH HITS 7M CUSTOMERS

Author: Tara Seals
November 9, 2021 9:43 am
3:30 minute read
The cyberattacker attempted to extort the company after socially engineering a
customer service employee to gain access to email addresses and more.

Investor trading app company Robinhood Markets has confirmed a data breach that
affects the personal information of about 7 million customers – roughly a third
of its user base. A cyberattacker made off with emails and more, which could
lead to follow-on attacks for Robinhood customers.

The trading platform, which found itself in the middle of the infamous GameStop
stock price run-up in January, acknowledged that the breach was a result of a
system compromise that occurred on Nov. 3. The company said that the adversary
was able to target an employee to gain access to sensitive company systems.
After that, the perpetrator attempted to extort the company, demanding payment
in return for not releasing the stolen data.

“The unauthorized party socially engineered a customer-support employee by phone
and obtained access to certain customer support systems,” Robinhood said Monday
in a statement. It added, “After we contained the intrusion, the unauthorized
party demanded an extortion payment. We promptly informed law enforcement and
are continuing to investigate the incident with the help of Mandiant, a leading
outside security firm.”



For 5 million of the victims, the cybercrook made off with email addresses. For
2 million of them, the attacker also absconded with full names. Meanwhile,
names, birth dates and ZIP codes were stolen for 310 people, and “more extensive
account details” were heisted for 10 more, the company said.

The good news is that it looks like no Social Security numbers, bank account
numbers or debit card numbers were exposed, “and that there has been no
financial loss to any customers as a result of the incident,” according to the
Monday statement from the firm, which called the incident “contained.”

The company said it’s in the process of notifying affected individuals, who
could be targeted with additional, and convincing, social-engineering and
phishing attacks using their emails and other personal information gleaned from
public sources, experts warned.

But despite this, and despite the scope of the breach, a senior security
researcher for DomainTools, Chad Anderson, applauded the company for its
transparency.

“This is an unfortunate breach for Robinhood and reads like it could have been
prevented with more process,” he said via email. “I have to commend their team
for being transparent however with the impact of the breach and timeliness of
their information release. Responses like that allow defenders to warn users and
position themselves well for what will likely be a round of scams targeting the
emails of those users exposed.”


HOW TO DEFEND AGAINST SOCIALLY ENGINEERED DATA BREACHES

Notably, this breach was the result of duping an employee into falling for a
phishing attempt, rather than a hack of internal systems using a vulnerability
exploit or other avenue.

Preventing social-engineering attacks is notoriously difficult because in the
end, human error is impossible to root out. As a starting point, though,
employees should be trained to spot and report social engineering and phishing
attacks, and organizations should have a policy telling employees how to report
these attacks, according to Erich Kron, security awareness advocate at KnowBe4.

“Social engineering continues to play a significant role in spreading malware
and ransomware as well as in breaches such as this one,” he said via email. “The
bad actors behind these attacks are often highly-skilled and very convincing
when they get a potential victim on the line. Unfortunately, technology is not
good at stopping these attacks, so the best defense against these attempts is
education and training.”

This is especially important in an era when most employees work in a
hyper-accelerated data environment, added Trevor Morgan, product manager with
data security specialists comforte AG, in an email.

“We have all gotten used to working faster and pushing information out as fast
as we can, but this is exactly the vulnerability that social engineering preys
upon,” he said. “Not taking the time to inspect emails, to think through a
situation without haste or pressure, or to confirm a request to ensure the
legitimacy of the requestor is the fatal flaw.”

He added that organizations can do two things: Encourage a security-minded
company culture and employ data security.

“One, build an organizational culture that values data privacy and encourages
employees to slow down and consider all of the ramifications before acting on
requests for sensitive information,” he explained. Two, IT leaders can consider
data-centric security as a means to protect sensitive data rather than the
perimeters around data. “Tokenization, for example, not only makes sensitive
data elements incomprehensible, but it also preserves data format so business
applications and users can still work with the data in protected states. If you
never de-protect data, chances are that even if it falls into the wrong hands,
the sensitive information cannot be compromised.”
