Someone recently hacked and attempted to extort Robinhood, the popular investment and trading platform, gaining access to millions of customers’ email addresses and full names in the process.
The platform revealed the security incident in a blog post published Monday, assuring users that nobody had lost any money as a result of the incident.
“An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers,” the company revealed, while emphasizing that the breach had since been contained and that there had been “no financial loss to any customers.”
The incident, which took place on Nov. 3, was apparently the result of a social engineering scheme that targeted a customer support employee. The hacker convinced the employee that they were cleared to access “certain customer support systems,” and subsequently gained access to the email addresses of approximately 5 million customers and the full names of approximately 2 million customers, the company said.
For a much smaller subset of customers, the data breach was substantially more invasive: “We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed,” the company’s blog post says.
Afterward, the criminal attempted to extort the company with the information it had stolen.