Robinhood’s Hack Worsens: Threat Actor Pilfers 4,400 Phone Numbers!

The recent hack on app-based investment platform Robinhood is getting worse.

Originally, Robinhood said that the malicious actor purportedly obtained the email addresses of 5 million users and the full names of 2 million users. Additionally, personal information of about 310 users and extensive account details of 10 users were exposed. But that’s not the case.

The company’s latest update indicates that the perpetrator pilfered more customer data than Robinhood initially claimed.

“We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze,” said Robinhood in its latest update on the security incident.

As a matter of fact, the hacker obtained phone numbers of around 4,400 customers, according to Motherboard, which obtained a copy of the stolen phone numbers from a “proxy for the hacker.”

Despite the latest events, the Menlo Park-based online trading platform staunchly reiterated that it doesn’t think any Social Security numbers or account numbers were exposed in the incident.

“We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident,” said Robinhood in a statement.

One should take heed of this statement, as this is not the first time new information regarding the incident was concealed by Robinhood until it was revealed by other cybersecurity firms.

Earlier, Motherboard released some screenshots of Robinhood’s internal tools that the hacker used to access “more extensive account details” of some of the customers.

The screenshots revealed that the hacker had access to buttons labeled “Disable MFA” and “Add to Trusted Device Email Code Whitelist,” along with the bank balance and transfer information of customers.

However, Robinhood had not previously mentioned the hacker’s access to internal tools.

Responding to the screenshots, the trading firm said, “based on its investigation, the hackers did not make changes to any customer accounts.”

From an objective perspective, it appears that Robinhood is in damage control mode.

How bad is the hack?

With access to Robinhood customers’ phone numbers, the malicious actors can potentially conduct SIM swapping or targeted phishing attacks. Armed with a phone number, hackers may be able to reroute login verification codes to themselves or send phishing messages or calls to users to obtain verification codes.
