Robinhood Data Breach – Hackers access millions of users’ data

By Waqas
The Robinhood data breach involved a social engineering attack in which hackers somehow managed to gain access to the company’s support system.
This is a post from HackRead.com.

Robinhood breach exposed information on 7 million people

Robinhood, a popular stock-trading app, said that it has been breached by someone who accessed information on 7 million people, then sought to extort the company. The breach on Nov. 3 provided access to 5 million email addresses and 2 million full names, with another approximately 310 having additional information like zip codes and dates of birth exposed. Around 10 more had “more extensive account details” exposed, the company announced on Monday. Robinhood has become a force in the financial market, with 18 million clients and $80 billion in assets, a summer filing stated. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood’s statement reads. It’s the first notable cyber incident on the company to […]

The post Robinhood breach exposed information on 7 million people appeared first on CyberScoop.

Fintech company Plaid, consumers reach $58M settlement agreement in privacy suit

Financial tech company Plaid has reached a $58 million settlement agreement in a lawsuit where customers alleged that the company obtained and used their banking information without permission. Plaid’s service connects customer banking accounts to financial apps like Venmo and Robinhood. The plaintiffs claimed that Plaid misled them and violated their privacy by obtaining data from their financial accounts without consent, getting their bank login information through a deceptive interface meant to look like customers’ own bank login screens and selling their transaction histories. Under the settlement agreement, still subject to court approval, Plaid must also delete some data from its systems, minimize the data it stores, improve disclosures of how it uses data and maintain disclosures and websites about its security practices. “We do not, nor have we ever, sold data,” a Plaid spokesperson said. “We make our role and practices clear, and provide services that give consumers control […]

The post Fintech company Plaid, consumers reach $58M settlement agreement in privacy suit appeared first on CyberScoop.

Hackaday Links: March 8, 2020

A lot of annoying little hacks are needed to keep our integer-based calendar in sync with a floating-point universe, and the big one, leap day, passed us by this week. Aside from the ignominy of adding a day to what’s already the worst month of the year, leap day has …

Alpaca nabs $6M for stocks API so anyone can build a Robinhood

Stock trading app Robinhood is valued at $7.6 billion, but it only operates in the US. Freshly-funded fintech startup Alpaca does the dirty work so developers worldwide can launch their own competitors to that investing unicorn. Like the Stripe of stocks, Alpaca’s API handles the banking, security, and regulatory complexity, allowing other startups to quickly […]

Stock trading app Robinhood says user passwords were readable on internal systems

Stock trading service Robinhood sent an email to users Wednesday informing them that user credentials were stored in an insecure format inside the company’s internal systems. According to the email obtained by CyberScoop, the problem was discovered Monday night by the company’s security team. “We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team,” the email reads. A Robinhood spokesperson told CyberScoop that the company has no evidence users’ information was accessed, or that the issue meant user information was breached. “Out of an abundance of caution, we have notified customers who may have been impacted and encouraged them to reset their passwords,” a Robinhood spokesperson told CyberScoop. “We take our responsibility to customers seriously and place an immense focus on working to ensure their information is secure.” Robinhood would not divulge how the error was found […]

The post Stock trading app Robinhood says user passwords were readable on internal systems appeared first on CyberScoop.

Baltimore allocates $10 million to emergency funding in wake of ransomware attack

Baltimore City’s board has decided to devote a surplus of $10 million toward an emergency ransomware response in the city, after officials refused to pay $80,000 to the attackers. Baltimore City officials this week approved the emergency funding …

NSA points to two-year patching window in remarks about Baltimore incident

In the wake of the Baltimore ransomware attack, a senior adviser at the National Security Agency said Thursday there is no “indefensible” nation-state-built tool that is responsible for the spread of ransomware and network administrators have a responsibility to patch their systems, especially when patches have been released for critical flaws. The comments come after The New York Times reported this past week that RobbinHood, the ransomware strain behind the Baltimore ransomware attack, was able to spread on the city IT infrastructure partly due to its use of a leaked NSA tool known as EternalBlue. The Times report, which cites security experts briefed on the matter, states EternalBlue was discovered as incident response teams fixed the issues that had crippled a number of the city’s online services. “The characterization that there is an indefensible nation-state tool propagating ransomware is simply untrue,” Rob Joyce, a senior adviser at the NSA, said Thursday […]

The post NSA points to two-year patching window in remarks about Baltimore incident appeared first on CyberScoop.

Google cuts Baltimore off Gmail as city officials struggle with RobinHood ransomware aftermath

The city of Baltimore in the US State of Maryland continues to struggle with the aftermath of a cyber incident incurred earlier this month, when attackers held municipal systems at ransom. The RobbinHood ransomware attack on May 7 froze administrative …