Screenshots obtained from Motherboard they reportedly show Robinhood’s internal tools used by a hacker to access “more extensive account details” for some trading platform accounts. The heavily obscured screenshots show that hackers accessed buttons labeled “Disable MFA” (Multi-Factor Authentication) and “Add Trusted Device Email Code to Whitelist”, along with information on which devices were enrolled in the account and the ACH bank transfers the user had made.
Motherboard claims he received the screenshots from someone claiming to be affiliated with the hackers and claims that Robinhood denied that the hackers made any actual changes to any account.
Although access to the data was made by about 7 million people, Robinhood said in your ad that most of them only got their email addresses or full names. Ten people, however, “disclosed more extensive account details”. Robinhood confirmed the account included in a screenshot Motherboard received showing a customer support conversation was one of those 10. Another screenshot also shows a customer’s account balance, wallet value, and verified phone number.
Robin Hood announced the hack on Monday, claiming that someone was able to socially engineer one of their support employees and gain access to some of the company’s customer support tools. According to Robinhood, these tools allowed them to access some user information, but not social security, bank, or debit card numbers. The company won’t say whether users who accessed more data than others were specifically targeted, but said it is targeting those affected. Robinhood also said the hacker tried to extort him for money but didn’t pay.
Robinhood did not immediately respond to a request for comment from The Verge.