The data for approximately 7 million Robinhood customers stolen in a recent data breach is being sold on a popular hacking forum and marketplace. Last week, Robinhood disclosed a data breach after one of its employees was hacked and the threat actor used their account to access the information for approximately 7 million users through customer support systems. In addition to stealing the data, Robinhood stated that the hacker attempted to extort the company to prevent the data from being released. Stolen email addresses, especially those for financial services, are particularly popular among threat actors as they can be used in targeted phishing attacks to steal more sensitive data. Two days after Robinhood disclosed the attack, a threat actor named pompompurin announced that they were selling the data on a hacking forum. In a forum post, pompompurin said he was selling 7 million Robinhood customers’ stolen information for at least five figures.
Threat actors buy email address lists like this to be used in spam and phishing campaigns. Phishing remains one of the most common ways for threat actors to gain an initial foothold on a system. It is vitally important to educate users on how to spot and report phishing emails, to always hover over links before clicking them to see what domain they go to, and not to enable macros on attached Office documents.