fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

7 million Robinhood User Email Addresses for Sale on Hacker Forum

7 million Robinhood User Email Addresses for Sale on Hacker Forum

The data for approximately 7 million Robinhood customers stolen in a recent data breach are being sold on a popular hacking forum and marketplace.

Last week, Robinhood disclosed a data breach after one of its employees was hacked, and the threat actor used their account to access the information for approximately 7 million users through customer support systems.

The data stolen during the attack includes the following personal information for Robinhood users:

  • Email addresses for 5 million customers.
  • Full names for 2 million other customers.
  • Name, date of birth, and zip code for 300 people.
  • More extensive account information for ten people.

In addition to stealing the data, Robinhood stated that the hacker attempted to extort the company to prevent the data from being released.

Also Read: The Role of A DPO During Work From Home

Stolen email addresses, especially those for financial services, are particularly popular among threat actors as they can be used in targeted phishing attacks to steal more sensitive data.

Stolen Robinhood data sold on a hacking forum

Two days after Robinhood disclosed the attack, a threat actor named ‘pompompurin’ announced that they were selling the data on a hacking forum.

In a forum post, pompompurin said he was selling 7 million Robinhood customers’ stolen information for at least five figures, which is $10,000 or higher.

Threat actor selling the stolen Robinhood data
Threat actor selling the stolen Robinhood data
Source: BleepingComputer

The sold data includes 5 million email addresses, and for another batch of Robinhood customers, 2 million email addresses and their full names. However, pompompurin said they were not selling the data for 310 customers who had more sensitive information stolen, including identification cards for some users.

Robinhood did not initially disclose the theft of ID cards, and the threat actor states that they downloaded them from SendSafely, a secure file transfer service used by the trading platform when performing Know Your Customer (KYC) requirements.

“As we disclosed on November 8, we experienced a data security incident and a subset of approximately 10 customers had more extensive personal information and account details revealed,” Robinhood told BleepingComputer after we contacted them regarding the sale of their data.

“These more extensive account details included identification images for some of those 10 people. Like other financial services companies, we collect and retain identification images for some customers as part of our regulatory-required Know Your Customer checks.”

Also Read: Top 3 Common Data Protection Mistakes, Revealed

pompompurin told BleepingComputer that he gained access to the Robinhood customer support systems after tricking a help desk employee into installing a remote access software on their computer.

Once remote access software is installed on a device, a threat actor can monitor their activities, take screenshots, and remotely access the computer. Additionally, while remotely controlling a device, the attackers can also use the employee’s saved login credentials to log in to internal Robinhood systems that they had access to.

“I was able to see all account information on people. I saw a few people while the support agent did work,” pompompurin told BleepingComputer.

In response to further questions regarding how the employee’s device was breached, Robinhood referred us back to their original statement stating that the threat actor “socially engineered a customer support employee by phone.” However, they did confirm to BleepingComputer that malware was not used in the attack

As proof that they conducted the attack, pompompurin posted screenshots seen by BleepingComputer of the attackers accessing internal Robinhood systems.

These screenshots included an internal help desk system used to lookup Robinhood member information by email address, an internal knowledge base page about a “Project Oliver Twister” initiative designed to protect high-risk customers, and an “annotations” page showing notes for a particular customer.

Part of a screenshot showing internal member notes
Part of a screenshot showing internal member notes

After learning of the data being sold, BleepingComputer contacted Robinhood and asked for confirmation as to whether these screenshots originated from their systems.

While they did not explicitly confirm the screenshots are of their systems, they asked that any screenshots be redacted of private information, indicating they were likely taken during the attack.

Same threat actor responsible for recent FBI hack

 This threat actor, pompompurin, was also responsible for abusing FBI’s email servers to send threatening emails over the weekend,

This weekend, US entities began to receive emails sent from FBI infrastructure warning recipients that their “virtualized clusters ” were being targeted in a “sophisticated chain attack,” as shown in the email below.

Fake FBI warning email sent this weekend
Fake FBI warning email sent this weekend

To send these emails, pompompurin found a bug in the FBI Law Enforcement Enterprise Portal (LEEP) portal that the actor could exploit to send emails from IP addresses belonging to the FBI.

As the emails came from IP addresses owned by the FBI, it added legitimacy to the emails, causing the government agency to become flooded with concerned calls about the fake warnings.

After learning of the attack, the FBI took the associated server offline to resolve the issue.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us