Image: SOPA Images/Contributor via Getty Images
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
“We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident. We’ll continue making appropriate disclosures to affected people,” the statement added. Robinhood said it plans to update its blog post about the breach with the new information about the phone numbers.Robinhood is an app that markets itself as letting more people enter the world of investing without paying fees up front. It entered the spotlight earlier this year during the rush of retail investing in meme stocks such as GameStop. At the time, Robinhood blocked purchases of certain stocks and became the subject of investigations by the SEC and other entities, including the Department of Justice.Last week, Motherboard reported that the hackers managed to gain access to an internal tool which offered the ability to remove security features from specific Robinhood user accounts. Robinhood said that based on its investigation, the hackers did not make changes to any customer accounts, however.Phone numbers are particularly valuable to hackers because services often use SMS for multi-factor authentication. If a hacker can take control of a victim’s number they may be able to reroute login verification codes to themselves. Or, armed with a phone number, a hacker can send phishing messages or calls to the target to try and obtain their verification codes. Earlier this month, Motherboard reported on the booming underground trade of bots that streamline the process of social engineering targets via automated phone calls.Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.Do you have a tip about Robinhood? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.