Robinhood Hack Also Included Thousands of Phone Numbers

The exposure of thousands of phone numbers, which Motherboard obtained from a source, has not been previously reported.

Nov 16 2021, 5:50pm

The recent hack at app-based investment platform Robinhood also impacted thousands of phone numbers, Motherboard has learned.

The news provides more clarity on the nature of the data breach. Originally, Robinhood said that the breach included the email addresses of 5 million customers, the full names of 2 million customers, and other data from a smaller group of users.

Motherboard obtained a copy of the stolen phone numbers from a source who presented themselves as a proxy for the hackers. The file includes around 4,400 phone numbers.

When asked if the numbers belonged to Robinhood customers, the company told Motherboard in a statement that “We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze.”

Do you have a tip about Robinhood? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

“We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident. We’ll continue making appropriate disclosures to affected people,” the statement added. Robinhood said it plans to update its blog post about the breach with the new information about the phone numbers.

Robinhood is an app that markets itself as letting more people enter the world of investing without paying fees up front. It entered the spotlight earlier this year during the rush of retail investing in meme stocks such as GameStop. At the time, Robinhood blocked purchases of certain stocks and became the subject of investigations by the SEC and other entities, including the Department of Justice.

Last week, Motherboard reported that the hackers managed to gain access to an internal tool which offered the ability to remove security features from specific Robinhood user accounts. However, Robinhood said that, based on its investigation, the hackers did not make changes to any customer accounts.

Phone numbers are particularly valuable to hackers because services often use SMS for multi-factor authentication. If a hacker can take control of a victim’s number, they may be able to reroute login verification codes to themselves. Or, armed with a phone number, a hacker can send phishing messages or place calls to the target to try to obtain their verification codes. Earlier this month, Motherboard reported on the booming underground trade in bots that streamline the process of social engineering targets via automated phone calls.
