The data belonging to approximately 7 million Robinhood users, which was stolen in a recent cyberattack, is being advertised for sale on a dark web platform.
The Robinhood hack is reported to have occurred after a threat actor breached the computer system of an employee and then leveraged that employee's account to access, via customer support systems, the large trove of data belonging to Robinhood customers.
According to cybersecurity reports, the following types of data considered to be personal information were affected by the cyber event:
- Email addresses belonging to some 5 million users.
- Full names for 2 million users.
- Name, dates of birth and ZIP code belonging to 300 users.
- Additional personal data for 10 Robinhood customers.
Investigators indicate that, apart from stealing the massive cache of data, the threat actor behind the cyberattack also tried to extort the firm; Robinhood confirmed this, noting that the attacker expected the company to give in to demands in exchange for an assurance that the stolen data would not be released.
It goes without saying that stolen information, especially email addresses, harvested from the financial services sector sells like hot cakes among underground communities, which may use the data to orchestrate phishing attacks.
Who Was the Threat Actor Behind This?
According to a Bleeping Computer report, pompompurin is the threat actor that pulled off the Robinhood hack and went ahead to publish the data for sale on a hacking forum hosted on the dark web.
The cybersecurity analytical publication indicated that the cybercriminal was selling the stolen Robinhood customer credentials for "more than five figures", which places their demand at more than $10,000.
What's more interesting is that pompompurin is also the same threat actor that recently pulled off the FBI hack, in which fake emails were sent from email servers owned by the U.S. law enforcement agency.
Details surrounding the cyber event included the receipt of emails sent from FBI infrastructure warning the recipients of a supposed “sophisticated chain attack” being aimed at their systems.
It turns out that, in order to successfully send the fake emails, pompompurin had to exploit a bug in the FBI Law Enforcement Enterprise Portal (LEEP) that allowed them to send emails from IP addresses belonging to the federal agency.