Robinhood Breach Underscores the Dangers of Social Engineering
December 8, 2021
From Robin Hood to Robinhood
We all remember the legendary heroic outlaw Robin Hood, who made it his mission to rob the rich and give to the poor. Robinhood, a financial services company that seemed to take a page from Robin Hood, declared its mission “to provide everyone with access to financial markets, not just the wealthy” with a no-fee trading application. In early November 2021, it experienced a data breach. Roughly seven million accounts were compromised. Mostly email addresses were leaked, along with more serious data for about 300 clients.
Lessons in Social Engineering from the Robinhood Breach
Apparently, the cybercriminal who attacked Robinhood contacted a Robinhood customer support worker and convinced that worker to divulge information and/or take actions that allowed the attacker to gain access to some support systems. Although it appears that mostly email addresses were compromised (along with some more significant data for a small number of clients), this is not precisely a “ho-hum, that wasn’t so bad” sort of result. Mind you, it could have been much, much worse.