Robinhood data breach hits 7 million customers — what to do now

Robinhood app — how it works and everything you need to know

(Image credit: Shutterstock)

The mobile stock-trading service Robinhood has suffered a data breach affecting more than 7 million people — but insists that the breach is not so bad.

"We believe that no Social Security numbers, banking concern-business relationship numbers, or debit-card numbers were exposed and that at that place has been no financial loss to any customers as a result of the incident," Robinhood said in a blog posting yesterday (Nov. 8).

Robinhood: What the heck is it and why all the controversy?
The best identity theft protection services
Plus: Google Pixel six Pro vs. OnePlus 9 Pro: Which Android phone wins?

"We sympathise that the unauthorized political party obtained a list of email addresses for approximately five meg people, and full names for a different grouping of approximately two 1000000 people."

However, the firm added, "for a more than limited number of people — approximately 310 in total — additional personal information, including name, date of nascency, and ZIP code, was exposed, with a subset of approximately x customers having more extensive account details revealed."

Robinhood said it was "in the procedure of making appropriate disclosures to affected people." (The Tape had a screenshot of one such message sent to a customer whose email accost was exposed.) It did not mention whether any user passwords were exposed in whatever style.

What to do if you have a Robinhood account

If you have a Robinhood account, it would be best to change your account password ASAP, simply as a precaution. The company web log post said you can do and then past visiting "Help Center > My Account & Login > Account Security."

Make the new password something unique and strong, and one that you've never used before. Use one of the best password managers if you lot're having trouble keeping track of all your passwords.

Robinhood said that on Nov. 3, someone called customer support and managed to convince a support representative into granting the caller access to internal systems. Subsequently the caller got admission, he or she "demanded an extortion payment," which Robinhood doesn't seem to exist paying.

The 5 million customers whose email addresses were exposed may see an uptick in spam messages, and should be on the lookout for phishing emails, particularly those that may seem to come from Robinhood itself.

"When in incertitude, log in to view messages from Robinhood," the company weblog mail said. "We'll never include a link to access your business relationship in a security warning."

However, the situation may be worse for the approximately 300 people who had their full names, dates of birth and ZIP codes leaked. Full names and dates of nascence will give identity thieves a head start, and Zippo codes can help credit-bill of fare thieves use stolen numbers — although, as Robinhood noted, none were apparently taken in this instance.

As for the 10 or so people who had even more revealed, Robinhood isn't proverb exactly what was taken, so we tin but assume the worst. It may be that those people did indeed have passwords taken, or personal details beyond names and dates of birth, in which instance they might want to consider signing upwards with one of the best identity-theft-protection services — which Robinhood ought to pay for.

Paul Wagenseil is a senior editor at Tom'due south Guide focused on security and privacy. He has likewise been a dishwasher, fry melt, long-haul driver, code monkey and video editor. He'southward been rooting around in the information-security space for more than than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'southward Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a console give-and-take at the CEDIA domicile-technology briefing. You can follow his rants on Twitter at @snd_wagenseil.