Shares in Robinhood experienced a decline after the retail stockbroking platform announced that five million customer email addresses were compromised during a social engineering attack.
On November 3, a scammer managed to manipulate a customer support employee over the phone, gaining access to certain support systems. According to a blog post from the company, the unauthorized individual acquired a list of email addresses belonging to approximately five million users, as well as full names for a separate group of around two million individuals. Furthermore, they believe that additional personal information—such as names, dates of birth, and zip codes—was exposed for about 310 people, with a smaller subset of around 10 customers having more extensive account details compromised. Robinhood is currently in the process of notifying those affected.
The hacker allegedly demanded an extortion payment for the stolen files. The company has reached out to law enforcement and confirmed that no Social Security numbers, bank account information, or debit card details were part of the breach.
Caleb Sima, Robinhood’s chief security officer, emphasized the company’s commitment to transparency, stating, “As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
As a result of the announcement, shares in Robinhood fell by 3.1% in after-market trading on Monday.