On Monday, the investing app Robinhood announced that it was hit by a data breach last week. The company, made popular after the GameStop stock trading phenomenon over the summer, said hackers accessed some personal information for millions of their users, according to a statement.
"Late in the evening of November 3, we experienced a data security incident. An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers," Robinhood said.
The hackers, who also reportedly demanded a ransom payment, were able to access data for about 7 million of the app's users, the company revealed. While Robinhood said that it believes no Social Security numbers, bank details or debit card information was exposed, some details on the data breech were still unclear into Monday.
The company said the breach was successful through what is known as social engineering.
Robinhood said in a statement, "The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems. At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people."
The company also said that users of the app did not experience any financial losses as a result of the security breach.
Robinhood Chief Security Officer Caleb Sima said, “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Robinhood directed users to the "Account Security" portion of the app in its statement, as a way to learn more about how to keep user accounts safe. It is unclear how tips contained within that page could have prevented the social engineering hack on a customer support representative, which the company said is the root cause of this latest data breach.