Cyber Incidents: Investment Platforms At Risk
This post is an overview for those who are concerned about Fintech and security development. It provides brief summaries and links to articles and news, describing the most remarkable events in the sphere.
Learn about the latest news.
Robinhood data breach
On November 8, investment platform Robinhood announced that more than 7 million of its customers’ personal information had been leaked as a result of a data breach. The attack on the security system did not find social security numbers, bank account numbers or debit card numbers, and none of its customers suffered “financial losses” as a result of the incident, the company said.
The data breach mainly concerned only customer names and emails. A limited number of customers have had additional personal information disclosed, such as date of birth and zip code. Details such as birthdays and physical addresses are difficult to change and are commonly used as checks when logging into various services.
The Robinhood data security breach occurred on November 3rd due to a support employee. The hacker used social engineering techniques to gain access to internal systems, and later tried to get a ransom from the company.
More than 300,000 Android smartphone users have downloaded the banking Trojans from the Google Play app store. Malicious programs are malicious versions of commonly downloaded applications: document scanners, QR code readers, fitness monitoring and cryptocurrency applications.
The most prevalent of all malware, Anatsa, installed by over 200,000 Android users, is an “advanced” banking Trojan that can steal usernames and passwords and uses an accessibility log to record everything displayed on the user’s screen, and a keylogger allows attackers to record all information entered into the phone.