Shares in Robinhood have taken a dip after the retail stockbroking platform revealed that five million customer e-mail addresses were lifted from its servers during a social engineering hack.
The firm says that on 3 November, a scammer socially engineered a customer support employee by phone and obtained access to certain customer support systems.
"At this time, we understand that the unauthorised party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people," states the company in a blog post. "We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people."
The hacker demanded an extortion payment in return for the stolen files.
The firm contacted law enforcement authorities and says that no Social Security numbers, bank account numbers, or debit card numbers were exposed in the incident.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” says Robinhood chief security officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
Shares in the firm fell 3.1% in after-market trading on Monday.