Stolen Robinhood Data Listed for Sale on Deep Web
On Tuesday, exchange platform Robinhood revealed to the public that some of its user data had been hacked into and stolen. The California brokerage app’s admittance puts the number of email addresses and customer names that were exposed to be about five million, approximately a third of Robinhood’s registered users. The numbers involved put Robinhood’s data hack to be one of the biggest in history.
On November 8, Robinhood took responsibility for the hack and admitted that the heist happened due to a slippage from an unsuspecting customer support representative. It however assured that only email addresses and customer names were exposed.
Hacked Data Put on Sale
In the early hours of today, Russian group Data Leaks revealed that a well-known Darknet user was putting up stolen data from Robinhood’s app for sale on the deep web.
The data being offered for sale contains the stolen 5 million email addresses and 2 million full customer names, according to the perpetrator. The perpetrator is however separately offering extra details of about 310 accounts, which will contain dates of birth, zip code, name, and mailing addresses.
Extra details of other users containing personal id along with earlier communicated details, has been withdrawn for future sale according to the perpetrator.
While the hacker claims to possess access to personal ids and other extensive details, Robinhood has insisted those claims are false or exaggerated, according to a report by PrivacyAffairs.
Following Robinhood’s public revelation that it had been hacked, the darknet user, also known to have a high reputation and a notorious seller score on the deep forum in concern, accused the brokerage company of lying.
A Robinhood spokesperson has however said that out of the millions of names and addresses stolen, only ten accounts were at risk of id exposure.
“As we disclosed on November 8, we experienced a data security incident and a subset of approximately 10 customers had more extensive personal information and account details revealed. These more extensive account details included identification images for some of those 10 people. Like other financial services companies, we collect and retain identification images for some customers as part of our regulatory-required Know Your Customer checks,” the spokesperson wrote to PrivacyAffairs.
The spokesperson’s correction of the sale notice put on the deep web has been suggested to be an indirect confirmation of the sale announced on the deep web, as before then there had been no mention of ids.
Robinhood is yet to give an official statement regarding the sale but has promised to conduct a thorough investigation into the information heist.
Welcome to the NOW experience! The ChangeNOW team presents you with the new community-inspired crypto wallet – NOW Wallet.