Screenshots obtained by Motherboard reportedly show the internal Robinhood tools that a hacker used to access “more extensive account details” for some of the trading platform’s accounts. The heavily redacted screenshots show that hackers had access to buttons labeled “Disable MFA” (multi-factor authentication) and “Add to Trusted Device Email Code Whitelist,” along with information about what devices were logged into the account, and the ACH bank transfers the user had done.
Motherboard says it got the screenshots from someone claiming to be affiliated with the hackers. Robinhood told The Verge that its investigation didn’t reveal evidence that the hacker made any changes to accounts.
:no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/23003306/1636570231635_robintopublish.png)
Although data was accessed for around 7 million people, Robinhood said in its announcement that most of them only had their email addresses or full names obtained. Ten people, however, had “more extensive account details revealed.” Robinhood confirmed the account included in one screenshot Motherboard received showing a customer support conversation was one of those 10. Another screenshot also shows a customer’s account balance, portfolio value, and verified phone number.
Robinhood announced the hack on Monday, saying that someone was able to socially engineer one of its support employees and gain access to some of the company’s customer support tools. These tools gave them access to some user information, though not Social Security, bank, or debit card numbers, according to Robinhood. The company won’t say if the users who had more data accessed than others were specifically targeted, but it has said that it’s reaching out to those affected. Robinhood also said that the hacker tried to extort it for money, but that it didn’t pay.
Update November 10th, 5:16PM ET: Added information from Robinhood stating the hackers did not alter account information.