Hacker Tricked Robinhood Support Into Revealing Data Of 5 Million Users

from the whoops-a-daisy dept

When it comes to privacy and security, the weakest link continues to be of the human variety.

Trading app Robinhood last week announced in a blog post that somebody used social engineering to trick company support into handing over user login data. On November 3, said "hacker" convinced company support they were cleared to access “certain customer support systems.” From there they nabbed the email addresses of five million users, and the full names of a different group of two million users:

"At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people."

Another subset of users had far more sensitive data exposed to the intruder. 310 users had their full names, dates of birth and ZIP codes exposed to the intruder, and 10 customers had "more extensive account details revealed" -- though the company doesn't specify which details they were. The company insists that no social security numbers were revealed and that nobody suffered any financial losses related to the attack:

"Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident."

By "no financial loss" Robinhood means none of their users had money stolen directly via Robinhood. That doesn't mean those users won't suffer financial losses elsewhere, after being bombarded with phishing emails over the next few months using the email addresses, or compromised via the release of other personal data used elsewhere.

As with most revelations of this type, the scope of the breach is probably significantly bigger than what's currently understood. Also like most such breaches, nobody will remember it happened three months from now, and Robinhood won't be held meaningfully accountable for its exploitable customer service. In a country where most companies have lax security and privacy standards, there's no meaningful privacy law for the internet era, and FTC privacy enforcers that are routinely understaffed, under-funded, and simply outgunned, there's simply not very much incentive to make security and privacy a real priority.

Filed Under: breach, customer support, emails, hacker
Companies: robinhood

Robinhood App Decides To Stop Helping The Poor Steal From The Rich

from the everything-is-a-content-moderation-story dept

I had been meaning to do another story on the whole GameStop/Reddit/WallStreetBets story, because there's a lot of really fascinating points on this, but my original story got pretty much wiped away this morning when Robinhood, the popular stock trading app that promotes itself as a way of democratizing stock trading and providing free trades -- and which was the main app used by Redditors to drive up the prices of various stocks that a bunch of hedge funds were trying to short -- announced that it was blocking the trades in all of the volatile stocks that Redditors were driving up. It did so in the most ridiculous of statements, claiming that they were pausing buying of those stocks to "[help] our customers navigate this uncertainty."

Amid significant market volatility, it’s important as ever that we help customers stay informed. That’s why we’re committed to providing people with educational resources. We recently revamped and expanded Robinhood Learn to help people take advantage of the hundreds of financial resources we offer and educate themselves, including how to make sense of a volatile market. In 2020, more than 3.2 million people read our articles through Robinhood Learn.

We’re committed to helping our customers navigate this uncertainty. We fundamentally believe that everyone should have access to financial markets. We’re humbled to have helped many people invest in the markets for the first time. And we’re determined to provide new and experienced investors with the tools and resources to help them invest responsibly for their long-term financial futures.

Bull and Shit. The people buying into this stuff didn't need help "navigating this uncertainty." This was a protest. This actually was what happens when you "democratize finance" and stop letting the big giant firms abuse the system for profit. And it turns out that that's not what Robinhood really wanted after all.

As incredible as it seems, it turns out that even this is a content moderation story.

Also, I can pretty much guarantee that Robinhood is going to be hit with a whole bunch of class action lawsuits, probably before the day is out. (Actually, they were hit by lawsuits before even this post was out!)

Many people have recognized that while there's a lot going on here, at least some of what's happening is legitimately smaller individual investors giving a big giant "fuck you" to the big Wall Street hedge funds that were treating the market as a plaything with which to get ever richer. I heard someone jokingly note yesterday that Reddit and Robinhood together accounted for more wealth distribution from the rich to the poor in the past week than the Democratic Party has in years.

And, like every other time that gatekeepers' walls are knocked down, the gatekeepers freak out. This is Hollywood freaking out about Napster all over again. Yesterday the big news was that Discord banned the r/WallStreetBets server, which was where many of the Redditors were gathering (outside of Reddit). The company claimed -- somewhat ridiculously -- that the ban was for hate speech on the server. But the timing of it made that look like a very weak fig leaf. Considering how many gamers use Discord (its original target market), I can assure you that other servers have a lot more hate speech than the WallStreetBets one did.

Then, last night, we had the totally expected old school "Hollywood reacting to Napster" response when NASDAQ's CEO, Adena Friedman, said that they should halt trading in GameStop and the other targeted stocks to allow investors to "recalibrate their positions."

Funny how they never seem to do that when it's retail investors losing their investments.

As with other situations, the events of the past few days only serve to underline how the system itself is rigged to help the big guys on Wall Street, and the second that everyone else figures out how to game the system themselves, the gatekeepers freak out and look to reassert control.

Filed Under: content moderation, gatekeepers, hedge funds, retail investors, stonks, wallstreetbets
Companies: discord, gamestop, reddit, robinhood