Last week, we covered the cyberattack against Robinhood, the app that makes trading stocks easy for any user. At that time, we had some knowledge of what hackers got away with, but most details still weren’t clear. Now, we know the full damage of the attack, thanks to a blog post from Robinhood.
To recap, hackers accessed Robinhood’s customer support system, and held the network hostage for a ransom. Robinhood declined to pay; at the time, we knew that hackers were able to expose five million user accounts and the full names of two million users. 310 users had zip codes revealed, and 10 users, unfortunately, had “extensive account details revealed.” Beyond that, we weren’t sure what else was compromised.
Robinhood updated its originally blog post on Nov. 16 to provide additional context to this breach. In addition to the user accounts, full names, and zip codes, 4,400 phone numbers were exposed. That’s dangerous; hackers could take advantage of those phone numbers to engage in SMS phishing, or to expose even more personal information throughout other accounts. This data also makes you vulnerable to SIM-swap attacks.
This attack highlights the importance of setting up 2FA with all of your accounts. While using SMS codes is better than nothing, we recommend using an authenticator app; that way, even if the hackers gain access to your number, they won’t be able to receive 2FA codes.