The data for approximately 7 million Robinhood customers stolen in a recent data breach are being sold on a popular hacking forum and marketplace.
Last week, Robinhood disclosed a data breach after one of its employees was hacked, and the threat actor used their account to access the information for approximately 7 million users through customer support systems.
The data stolen during the attack includes the following personal information for Robinhood users:
- Email addresses for 5 million customers.
- Full names for 2 million other customers.
- Name, date of birth, and zip code for 300 people.
- More extensive account information for ten people.
In addition to stealing the data, Robinhood stated that the hacker attempted to extort the company to prevent the data from being released.
Stolen email addresses, especially those for financial services, are particularly popular among threat actors as they can be used in targeted phishing attacks to steal more sensitive data.