Inyova
en en
Back

Tech tips: Heartbreaking Robinhood story 

Inyova’s short monthly newsletter about security recommendations, news, and interesting facts.

This is an internal newsletter sent to the Inyova team each month. We hope you enjoy it as much as we do!

Today’s topic: Heartbreaking Robinhood story 

What happened?

In November 2021, Robinhood, an online financial services company, reported a data breach affecting 5 million customers’ email addresses, another 2 million customers’ full names, and a detailed data breach of a small customer group.

They have been breached by a social engineering attack.

What the hack is a social engineering attack? 

A social engineering attack is an attack where the attacker claims they are someone else, in order to get any information that could be used for their advantage. 

In the Robinhood case, the attacker lied to a customer service representative and managed to get access to Robinhood’s internal tool. There the attacker could not only see emails and names but also balances, buying power, IP addresses, support communications, phone numbers, 2FA activation, and more.

Why should I care?

The Robinhood incident was a human error that often happens when employees lack deeper security knowledge about possible dangers and traps out there. It’s very hard to fix such a problem, as you need to tutor people on how to not become a victim. 

At Inyova, we need to constantly be aware of these threats and share any social engineering attacks we encounter with the rest of the team.

What should I do? 

Firstly, do not share any access if you are not entitled to do so. Do not share access with employees you do not know or those who should already have access. You can protect yourself by delegating this responsibility to your team’s lead.

Secondly, restrict yourself from sharing direct links to internal tools, and watch out not to share internal tools on any video screen sharing or any screenshots.

If you are under a social engineering attack, share this information with the whole team.

 

That’s it! Keep your mechanics safe and thanks for reading.

Source: https://blog.robinhood.com/news/2021/11/8/data-security-incident

 

Haftungsausschluss: Die Wertentwicklung von Finanzmärkten und -instrumenten in der Vergangenheit ist niemals ein Indikator für die Wertentwicklung in der Zukunft. Die Aussagen oder Informationen in diesem Dokument stellen keine Empfehlung, kein Angebot, keine Aufforderung zum Kauf oder Verkauf von Wertpapieren oder Finanzinstrumenten dar. Die Inyova AG übernimmt keinerlei Gewähr hinsichtlich der Zuverlässigkeit und Vollständigkeit der Informationen dieses Artikels. Haftungsansprüche gegen die Inyova AG wegen Schäden, welche aus der Nutzung der in diesem Dokument veröffentlichten Informationen entstanden sind, werden ausgeschlossen. Darüber hinaus spiegeln die in diesem Dokument enthaltenen Aussagen eine Einschätzung zum Zeitpunkt der Veröffentlichung wider und können sich ändern. Verweise und Links auf Webseiten Dritter liegen ausserhalb des Verantwortungsbereichs der Inyova AG. Jegliche Verantwortung für solche Webseiten wird abgelehnt.
You might also like:
Tech tips: Credential stuffing attack
Tech tips: Massive ransomware increase
Inyova AG Limmatstrasse 123 8005 Zurich
Apple Store Download from
Apple Store Google Store Download from
Google Store
Inyova AG Limmatstrasse 123 8005 Zurich
© 2024 — Inyova AG
Select your language and country
Choose the country of your residence to learn more about our offering for you.