Robinhood is the latest stock broker or crypto platform to fall victim to cybercriminals. In this instance, hackers stole 5 million people’s email addresses and 2 million people’s full names. For around 310 people, the hack may have been more serious — the attacker accessed their names, dates of birth, and zip codes.
Robinhood said in a press statement the criminals had not accessed any social security numbers, bank account numbers, or debit card information. The release stressed, “There has been no financial loss to any customers as a result of the incident.”
However, criminals can still cause significant problems with email addresses and names. For example, they can send spoofed messages that appear to come from your address and contain malware. They can also send you phishing emails — emails that pretend to come from a reputable source and try to trick you into sharing your password or other sensitive information.
How the Robinhood hack happened
Robinhood says the attack happened when the hacker “socially engineered a customer support employee by phone and obtained access to certain customer support systems.” It is in the process of contacting customers who’ve been affected by the breach.
It is not the first time Robinhood has been targeted by hackers. Last year, according to Bloomberg, 2,000 accounts were compromised, and customers’ money was stolen. At the time, it came under fire because affected customers could not contact the company. It has since invested heavily in improving its customer service systems.
Both the Financial Industry Regulatory Authority and the Securities and Exchange Commission have warned of an increasing number of hacking attacks across the financial services industry.
How to protect yourself against cybercriminals
Robinhood customers should visit the help center on its website to find out if their information has been compromised. If your email address or name was stolen from Robinhood’s systems, it’s especially important to be vigilant for fake emails and phishing attacks.
Even if you’re not a Robinhood customer, it’s important to protect yourself.
- Don’t click on links in emails. If you receive a message from Robinhood (or your bank, brokerage, or cryptocurrency exchange), don’t click on the link. Instead, log in to your account directly through your web browser. That way, you won’t be taken to a fake phishing site. Similarly, be wary of attachments as they may contain malware.
- Be suspicious of emails if they’re pushing you to share your info. If the color of the logo looks off or the name of the company is misspelled, the email is almost certainly from a scammer. If an email asks you to share login or payment information, treat it with caution.
- Use unique and complex passwords. It’s tempting to use the same password for several sites, but it can put you at risk. Let’s say an online shopping site you use gets breached, and criminals steal the passwords. If you use that same password for your financial activity or anything else, those criminals may then be able to access your accounts. If you don’t want to keep track of lots of different passwords, use a password manager to store your credentials.
- Use two-factor authentication (2FA). Most stock brokers, banks, and crypto exchanges offer some form of 2FA these days. You can opt either to receive a code by email or text, or to use an authenticator app to generate extra login info. This extra layer of security makes it harder for hackers to gain access to your accounts.
- Make sure your antivirus and malware protection is up to date. The easiest way to do this is to set up your antivirus software to update and scan your system automatically.
It’s almost impossible to make your computer system impenetrable to criminals. But one thing to remember is that they often look for the easiest point of attack. The more aware you are, and the more steps you take to make it difficult for hackers, the less likely you are to be a victim.