Online broker Robinhood has admitted to leaking users’ personal data. The incident occurred on November 3, the company said in a blog post.
“A third party has obtained unauthorized access to a limited amount of personal information of some of our customers,” the statement said.
Based on the investigation, the firm believes that social security numbers and bank card details were not disclosed and none of the users suffered financial losses.
According to the statement, unknown persons used social engineering methods against a support service employee and gained access to some service systems.
The company determined that the attackers received a list of email addresses of about five million people and the full names of another group of about two million users.
310 accounts have an additional amount of personal information compromised, including name, date of birth and mailing address. Hackers received a larger amount of data for 10 users from this group.
After the localization of the attack, the attackers demanded a ransom, Robinhood noted.
The company contacted law enforcement agencies and continued to investigate the incident together with the cybersecurity firm Mandiant.
Recall that in October Robinhood launched a service for round-the-clock support of users by phone.