Robinhood Data Breach Leaves Millions Potentially Vulnerable
Mandiant is helping with Robinhood's investigation of the data breach.
Erich Kron is security awareness advocate at KnowBe4. He said social engineering continues to play a significant role in spreading malware and ransomware, as well as in breaches such as this one.
“The bad actors behind these attacks are often highly skilled and very convincing when they get a potential victim on the line,” he said. “Unfortunately, technology is not good at stopping these attacks, so the best defense against these attempts is education and training. Employees should be trained to spot and report social engineering and phishing attacks using short, focused training modules. And organizations should have a policy telling employees how to report these attacks.”
Justin Fier is Darktrace's director for cyber intelligence and analytics. He said the Robinhood attack is an alarming example of the continued escalation of targeted and sophisticated cyberattacks.
“Robinhood was breached last year, compromising the data of 2,000 user accounts,” he said. “Customers and investors are likely wondering how another breach, this time exposing the personal information of an additional 7 million users, has happened so soon. As Robinhood holds incredibly sensitive personal information and trading data, it is yet to be seen how these attacks will affect the marketspace.”
This attack should be a glaring lesson for businesses everywhere that perimeter defenses are simply not enough, Fier said.
“Malicious actors are increasingly compromising organizations via human error – with 94% of attacks beginning in the email inbox,” he said. “Attackers know that even with robust security protocols, organizations will always be vulnerable to cyberattack via their human workforces, especially as phishing and other forms of social engineering are more targeted and convincing. Without the ability for an organization’s digital environment to autonomously defend itself and its employees by disrupting any anomalous and potentially malicious behavior, even from trusted employees, bad actors can leverage human vulnerabilities, exfiltrate and even ransom sensitive data.”
Doug Britton is CEO of Haystack Solutions. He said we are entering a new digital era where it is dramatically more difficult for the average employee to recognize threats.
“This breach centers around a customer service representative, not a system vulnerability per se,” he said. “The best defense in any case is a highly skilled cyber team. The public and private sectors need to continue to invest in the next generation of cyber professionals to combat the persistent threat of bad actors regardless of their targets or we risk an imbalance in security that will hinder new evolutions in finance.”
Saryu Nayyar is CEO of Gurucul. She said this must be a hacker with a sense of humor, although the actual loss of data is by no means funny.
“It’s ironic that the trading app Robinhood was hacked, with the possible loss of information on up to 7 million users in a ransomware attack,” she said. “After all, the historical Robin Hood was renowned for robbing from the rich and giving to the poor. We’re guessing that those who did the hack aren’t going to give it to the poor.”
It remains to be seen which group is responsible, and whether Robinhood paid the ransom, so this remains a developing story, Nayyar said.
“And while it’s not easy to hack millions of records out of a system, it seems to happen on almost a daily basis these days,” she said. “Legitimate customers deserve better protection than they seem to be getting these days.”
Ron Bradley is vice president of Shared Assessments. He said the Robinhood data breach is a prime example of social engineering, which has been around for decades. While technical controls help guard against threat actors, there will always be instances where someone falls for a ruse.
“In this particular case, the type and number of records reportedly compromised aren’t particularly alarming to me,” he said. “The fact is, anyone reading this column most certainly has had their data compromised in one fashion or another. The good news is, there were no reports of passwords being stolen, which would change the equation. Regardless, this is just another reminder of the importance in not reusing credentials across multiple platforms, particularly those which involve financial transactions.”
There’s no substitute for implementing multifactor authentication (MFA), password managers and good cyber hygiene to reduce the blast radius in the case where personal information is part of a data breach or even a targeted attack, Bradley said.
Garret Grajek is CEO of YouAttest. He said data breaches are the outcome of constant scanning, exploring and probing on all internet resources.
“Attackers use automated tools for 24/7 scanning,” he said. “They then automate mapping to vulnerabilities and map exploitation tools to the discovered vulnerabilities. This is why zero-day hacks are, by nature, ahead of the patches. Bad actors find the vulnerability before vendors have identified them, let alone patched them. It’s essential to use hardened platforms and adhere to solid security practices like … the principle of least privilege. We must assume our sites and the credentials themselves will be hacked and ensure that each identity provides the least amount of exposure to the enterprise resources. This is best practiced through identity triggers and reviews, which help an enterprise discover over-privileged identities and malicious changes to permissions of compromised identities.”
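The identity review Grajek describes, discovering over-privileged identities and detecting changes to the permissions of a compromised identity, can be reduced to a periodic comparison of permission snapshots. The following is an added example written for this article; it is not code from YouAttest, Robinhood or any other party named here. The role baselines, identities and snapshots are constructed for illustration, and the check flags two things: an identity whose privileges grew since the last review, and an identity holding privileges beyond what its role should need.

```python
"""Added example (not from the article or any vendor): a minimal identity-review
check. It compares two constructed permission snapshots, flags identities whose
privileges grew between reviews (a possible malicious change on a compromised
identity) and flags identities holding privileges outside a per-role baseline
(over-privileged). Every role, identity and permission below is constructed."""

from dataclasses import dataclass

# Hypothetical role baselines: the maximum permission set each role should need.
ROLE_BASELINE = {
    "support_agent": {"tickets:read", "tickets:write", "customer:read"},
    "engineer": {"repo:read", "repo:write", "deploy:staging"},
    "admin": {"iam:write", "deploy:prod", "customer:read", "customer:export"},
}

@dataclass(frozen=True)
class Finding:
    identity: str
    kind: str               # "escalation" or "over_privileged"
    permissions: frozenset  # the permissions that triggered the finding

def permission_escalations(previous, current):
    """Return a Finding per identity that gained permissions since the last review."""
    findings = []
    for identity, perms in current.items():
        gained = set(perms) - set(previous.get(identity, set()))
        if gained:
            findings.append(Finding(identity, "escalation", frozenset(gained)))
    return findings

def over_privileged(current, roles, baseline=ROLE_BASELINE):
    """Return a Finding per identity holding permissions outside its role baseline."""
    findings = []
    for identity, perms in current.items():
        allowed = baseline.get(roles.get(identity, ""), set())
        excess = set(perms) - allowed
        if excess:
            findings.append(Finding(identity, "over_privileged", frozenset(excess)))
    return findings

def review(previous, current, roles):
    """Run both checks; sort by identity and kind so reports are stable between runs."""
    findings = permission_escalations(previous, current) + over_privileged(current, roles)
    return sorted(findings, key=lambda f: (f.identity, f.kind))

# Constructed snapshots: in the current one, a support identity has acquired
# customer export rights since the previous review.
PREVIOUS_SNAPSHOT = {
    "alice": {"tickets:read", "tickets:write", "customer:read"},
    "bob": {"repo:read", "repo:write", "deploy:staging"},
    "carol": {"iam:write", "deploy:prod", "customer:read", "customer:export"},
}
CURRENT_SNAPSHOT = {
    "alice": {"tickets:read", "tickets:write", "customer:read", "customer:export"},
    "bob": {"repo:read", "repo:write", "deploy:staging"},
    "carol": {"iam:write", "deploy:prod", "customer:read", "customer:export"},
}
ROLES = {"alice": "support_agent", "bob": "engineer", "carol": "admin"}

if __name__ == "__main__":
    for f in review(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT, ROLES):
        print(f"{f.kind:16} {f.identity:8} {sorted(f.permissions)}")
```

In practice the snapshots would come from an identity provider or cloud IAM export rather than inline dictionaries, and the escalation finding is the one worth alerting on immediately: a support identity gaining export rights between reviews is exactly the kind of change that should trigger a review before the next scheduled one.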
Robinhood, the online stock trading platform, says about 7 million customers’ personal information was compromised in a data breach last week.
That represents about one-third of Robinhood’s customers. The intruder obtained email addresses of about 5 million people. They also got full names for a separate group of about 2 million.
Robinhood confirmed the data breach occurred on Nov. 3.
In a blog, Robinhood said the unauthorized party socially engineered a customer support employee by phone and got access to certain customer support systems.
Additional personal information, including names, dates of birth and zip codes, was exposed for 310 people. In addition, a subset of about 10 customers had more extensive account details revealed.
“We are in the process of making appropriate disclosures to affected people,” Robinhood said. “After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”
Mandiant Helping Out
Mandiant confirmed it is working with Robinhood. It sent us this statement from Charles Carmakal, its senior vice president and CTO:
“Robinhood quickly contained the security incident and conducted a thorough investigation to assess the impact. Mandiant has recently observed this threat actor in a limited number of security incidents and we expect they will continue to target and extort other organizations over the next several months.”
Caleb Sima is Robinhood's chief security officer.
“As a safety-first company, we owe it to our customers to be transparent and act with integrity,” he said. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.