A data breach has affected seven million users of the Robinhood trading app.

Robinhood, a popular investment app, announced that it had a security breach last week, on November 3, in which hackers gained access to the personal information of around 7 million users and demanded a ransom payment.

Robinhood Data Breach

As reported by BBC, no Social Security information, bank account numbers, or debit-card details were disclosed, and that consumers have suffered no financial losses as a result of the cyberattack.

The vast majority of clients who were impacted just had their email address or their entire name acquired by the hackers.

Moreover, the information collected for 310 people includes their name, date of birth, and ZIP code.

Robinhood stated it had turned down a payment demand and had reported the breach.

In cyberattacks, such ransom demands are widespread and usually consist of a promise not to sell or release the compromised data for free online.

Rather than cooperating with the "extortion," Robinhood said it had alerted law authorities and recruited an outside cybersecurity firm to assist with the situation.

Read Also: Facebook Data Breach 2021 Exposes Personal Info of 1.5 Billion Users: 2 Tools to Check If Your Data Have Been Leaked

How The Breach Happened

According to Robinhood, the breach occurred as a result of social engineering, a targeted and convincing deception aimed to persuade an employee to divulge login credentials or other sensitive information.

It compromised five million people, whose email addresses were exposed, as well as two million people's entire names.

In addition, a far smaller set of roughly 310 users, according to the trading platform, had much more information exposed, including names, dates of birth, and US zip codes.

Robinhood is exclusively available to residents of the United States, and users must be at least 18 years old, have a valid social security number, and live in the United States.

What to Do After a Data Breach

The following steps are recommended safety precautions to users when a data breach occurred by Consumer Reports:

1. Find Out What Information Was Leaked. Finding out exactly what information was accessed is the first step in responding to a data breach. Companies will occasionally contact you to alert you if your personal information has been discovered through a cyber attack. 

2. Change Any Passwords That Have Been Exposed. Whenever a personal password has been compromised, you must update it not only on the breached service but also on all other sites where you've used it.

3. Switch to an Authentication App from Text-Based MFA. Attackers can use your name and phone number to try to log into your account if. With that, users will need a second factor in addition to their password to log in if they enable multifactor authentication (MFA), which is available for financial sites, social media sites, and many others.

4. Remove Your Home Address From the List. If a personal home address was compromised in a data breach and then published on another website, users can report it and ask for it to be removed.

5. Put Your Credit On-Hold. Whether someone's Social Security number or financial information is compromised as a result of a data breach, freezing existing credit will prevent identity thieves from opening new accounts in their name.

6. Delete Any Accounts That Users Aren't Using. The data is more likely to be exploited or stolen if users have too many digital accounts. After they've completed these steps, maintain track of all of the active accounts, including those with banks, lenders, and retailers.

    

Related Article: T-Mobile Data Breach 2021: 100 Million Users Exposed in Latest Hacking, Is There a Fix?