Robinhood Markets Inc reported last week that five million customer emails and an additional two million customer names were breached by a malicious third party. The company says that 310 of its customers had more personal information exposed (things like names, birthdays, and zip codes).
The threat actor pretended to be a customer calling into the Robinhood help desk and obtained access to certain customer support systems. They later would demand an extortion payment, which Robinhood has not yet paid at the time of this article.
Once inside Robinhood’s core systems, cyber attackers gained access to buttons like “Disable MFA” and “Add to Trusted Device Email Code Whitelist,” along with actively logged devices and ACH bank transfers.
So, how do hackers use email addresses?
- Impersonation Emails – Hackers can impersonate Robinhood, letting users know there is a problem with their account. They may request a call, where they maliciously ask the customer for their account information.
- Hackers have ½ of the Robinhood login information – Now, they just need to guess the password. Some people’s passwords are easier to guess than others. See, for example, what happened in the New Cooperative Ransomware Attack, where many employees had the same password.
- Emails can open, or close, the doorway to any number of other systems and accounts. Passwords can be reset, credit information can be retrieved, accounts can be deleted.
- Hackers can impersonate any user by creating a similar email address.
- The door is now wide open for phishing emails. The affected emails can be sold on the dark web, so all exposed emails are now fair game for threat actors.
How Can I Prevent a Data Breach?
While no phishing software is 100% effective, we strongly encourage you to add email security as a critical part of your security stack. Other tactics like end user training, email encryption, and implementing MFA are key pieces to keeping your data safe.
Here’s how to Select the Best Phishing Protection Solution for Your Users.