The data of 7 million users was affected in the breach announced by Robinhood. The incident was caused by a social engineering trick that led to deliberate internal data exposure.
An employee working at Robinhood granted access to external intruders, who took advantage of it and broke into the corporate systems.
The hacker called customer support of the Robinhood investing app and was allowed to examine the email addresses of nearly 5 million individuals. The full names of 2 million people were disclosed, personal data comprising names, dates of birth and zip codes was taken as well, and 10 users were robbed of a very detailed set of private facts, which may indicate targeted data hunting.
The company claims that no credit card or bank account data was leaked.
It became known that the hackers used the obtained data to blackmail the company, and Robinhood was expected to make an extortion payment. However, it is still unclear whether the company has paid.
The main problem is that employees might still be unaware of how tricky social engineering can get. Even if the very act of calling support to access someone’s personal data seems strange and simply illegitimate, social engineering is an issue that is difficult to manage.
Employee training is an unavoidable measure companies should take to remind employees to stay alert to such possibilities.
SearchInform Risk Monitor detects suspicious activities and communication via different channels, preventing excessive access sharing with an unauthorised user.