Robinhood has recently revealed that hackers stole thousands phone numbers of users, indicating that a November 3rd security breach compromised more information than the company originally reported. More precisely, the list contains around 4,400 phone numbers according to Motherboard, which reportedly obtained the list from a proxy for the hackers.
Robinhood told Motherboard that it still believes information like Social Security, bank account, and debit card numbers weren’t compromised, but that it’s also analyzing other text entries in one of the lists the hackers obtained. The company also posted this information in an update to its original blog post about the incident and said that it would continue making appropriate disclosures to affected people.
Earlier this month, Robinhood reported that an employee falling victim to a social engineering attack led to hackers obtaining 5 million customers emails, and 2 million customers names. Additionally, around 300 customers had more details like zip codes and dates of birth stolen, while 10 customers had “more extensive account details revealed. Phone numbers weren’t mentioned in the company’s original post.
As Motherboard points out, access to Robinhood users’ phone numbers could make the users vulnerable to SIM swapping, or targeted phishing attacks from the hackers or anyone to whom they sold the numbers. It’s also concerning that Robinhood hadn’t released this information until more than a week after it first disclosed the attack.
While it’s possible the company wasn’t aware the phone numbers had been taken, that’s not a particularly reassuring explanation.
