By Rabab Zehra, Executive Editor, TECHx
A hack of Robinhood’s stock trading platform last week led to the loss of more than five million customer email addresses and two million customer names, as well as a much smaller set of customer data that was more specific.
The unauthorised entity gained access to specific customer support systems on November 3, 2021, through socially engineering an employee, according to a blog post by Robinhood.
However, based on their investigations, the company stated that no Social Security or bank account numbers, or debit card details were stolen, and that no consumers suffered any financial loss as a consequence of the hacking.
TECHx Media spoke to Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East, to understand how users of similar platforms can protect themselves from such cyberattacks.
Narayanan advised Robinhood users to change their passwords immediately, enable two-factor authentication, and keep an eye out for suspicious emails.
“Socially engineered attacks are becoming more mainstream. In these cyberattacks, hackers use human interactions to carry out their malicious activities, psychologically manipulating people into making security mistakes or giving away sensitive information,” he said.
“The information leaked here is sensitive, and bad news for the Robinhood community. Malicious hackers can use the stolen information to carry out more attacks against the victims, like targeted phishing emails, as names and dates of birth can often be used to verify a person’s identity. We urge Robinhood users to change their passwords immediately, enable two-factor authentication, and watch out for any suspicious emails in their inboxes. According to our research, 93 percent of malicious files in the UAE were delivered via email this year,” Narayanan added.
While the majority of Robinhood users and their investments are safe, it is still important to take precautions to keep customers’ accounts and personal data secure.
As more and more socially engineered attacks are taking place, where cybercriminals physiologically manipulate a victim into performing actions that can lead to a breach, it is imperative that organisations adopt a proactive approach. Short and focused training sessions can be helpful, as well as policies and procedures that enable employees to spot and report these kinds of attacks.
Robinhood users can learn more about keeping their accounts secure by visiting Robinhood’s support centre on the company’s website.