Robinhood discloses security breach and extortion attempt

Stock trading and investing app Robinhood said that hackers breached the account of a customer support employee, stole the personal data of millions of users, and then tried to extort the company for a ransom payment when it detected the intrusion.

The hack took place last Wednesday, on November 3, according to emails obtained by The Record that Robinhood has sent to customers earlier today.


"The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems," the company also explained in a blog post.

Via this account, Robinhood said the intruder was able to access and collect vast quantities of user data.

Depending on what was stored in the compromised accounts, Robinhood said data collected by the hacker includes details such as:

  • email addresses for 5 million users
  • real names for 2 million users
  • name, date of birth, and zip code for ~310 users
  • extensive personal data for ~10 users

Robinhood said that once it detected the intrusion last week, it worked with security firm Mandiant to secure its servers.

Once this happened, the hacker asked the company for a ransom payment not to disclose the breach.

Robinhood said it notified law enforcement instead.

This is the company's biggest security incident to date. While the company admitted to small batches of user accounts getting hacked once in a while, it never had a breach of this size reported before.

Prior to today's event, the biggest Robinhood security scandal took place in July 2019, when the service admitted to storing some users' passwords in plaintext.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.