Exploit: Phishing (Vishing)
Robinhood: Financial Services Platform
Risk to Business: 1.542=Extreme
Financial services platform Robinhood is in the news again after disclosing a data breach on 11/03. The company blamed the security incident on vishing. Threat actors obtained access to the organization’s customer support systems by obtaining systems access over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data, the cybercriminals then demanded an extortion payment to keep the data safe. No word on the amount of this demand. The incident is under investigation.
Individual Risk: 1.312=Extreme
The company disclosed that it estimates a total of seven million users are apparently affected by this breach. Threat actors accessed email addresses for five million customers and a separate list of full names for two million customers. Robinhood says that the bad guys gained access to varying levels of user information including in-depth PII including full names, date of birth and zip code for around 310 users, and extensive records for a subset of 10 users.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Vishing threats are popping up more frequently as cybercriminals look to vary their approach to obtaining credentials in unexpected ways.
Source: Solutions Review