Bleeping Computer recently reported a data breach from popular stock trading platform Robinhood. This breach has impacted over 7 million of their customers.
The attack took place November 3rd after a cybercriminal used social engineering tactics to convince a employee to gain access to the customer support systems. Once the support systems were accessed, the cybercriminal was able to obtain personal information from Robinhood's customer database.
Robinhood released this statement on their blog, "At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,"
- Look out for any phishing emails that are designed to steal your login credentials
- Only interact with the authorized Robinhood social apps. You can find these social accounts within the app at Help Center > General Questions > Robinhood Social Media.
- Report suspected phishing scams to reportphishing@robinhood.com
- Enable 2-factor authentication for Robinhood accounts within the app at Accounts > Security and Privacy > Two-Factor Authentication.
Had the Robinhood employee received new-school security awareness training, this data breach could have been prevented. This unfortunate incident should serve as a warning for your organization to continually educate your users on the latest threats and attack tactics.