Robinhood announced on Tuesday that it suffered a “data security incident” that saw a hacker make off with millions of customer emails, and in the case of a handful of clients, additional personal information as well.
In a blog post, the popular stock and crypto-buying app described how a hacker tricked one of its customer support employees into giving out information that let criminals make off with a large trove of data. Robinhood described the incident as follows:
“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems. At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.”
According to Robinhood, the hacker did not obtain sensitive personal information such as Social Security Numbers or banking information for most of the affected customers. But the company added that, in the case of around 310 customers, the hacker made off with additional data such as their birth date and home address—while 10 customers had “more extensive account details revealed.”
Robinhood added that the hacker contacted the hacker to demand payment—an attempt at blackmail in other words—but that the company contacted law enforcement.
The company did not say what other steps it is taking to address the incident, but advised customers looking to secure their accounts to consult the “Account Security” menu in their app.
This story will be updated with more details shortly.