IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

FBI hacker is selling Robinhood customer data on hacking forum

The threat actor is looking for a minimum offer of “five figures” for the data, which includes seven million email addresses

The hacker behind last week’s Robinhood data breach is now selling the company's customer data on a hacking forum.

Known as ‘pompompurin’, the threat actor - who also claimed responsibility for the recent hack on the FBI's email system - is looking for a minimum offer of “five figures” for the "highly valuable" data, which includes seven million email addresses.

However, the threat actor emphasised that the sensitive data of 310 customers, such as name, date of birth, and zip code, will not be available to purchase “at this current point of time”.

The sensitive data was obtained through SendSafely, a file transfer system used by Robinhood to verify users’ identities when they set up an account. Out of the 310 customers who had had their ID cards stolen by ‘pompompurin’, 10 had more extensive details leaked.

The hacker criticised Robinhood for concealing the fact that the ID cards had been stolen, according to screenshots from the hacking forum obtained by BleepingComputer.

In a blog post published on 8 November, the online trading platform said it was in the process of notifying 310 customers that their personal data had been stolen. However, it didn’t specifically mention the theft of ID cards, despite CSO Caleb Sima’s stating that the company would “be transparent and act with integrity”.

IT Pro has contacted Robinhood for comment.

Related Resource

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

Large letter 'O' against a background of a city - whitepaper from MimecastFree download

‘Pompompurin’ made headlines on Monday by claiming responsibility for exploiting the FBI’s systems to send fake cyber security alerts. In an interview with security researcher Brian Krebs, the threat actor said they wanted to draw attention to the security vulnerability in the Law Enforcement Enterprise Portal (LEEP) web app.

‘Pompompurin’ is named after a dog character introduced by the Japanese company Sanrio, which echoes the use of the 'HelloKitty’ alias by the ransomware group responsible for the cyber attack on game developer CD Projekt earlier this year, with the popular cat character also being a product of Sanrio. The stolen data has also since resurfaced on a dark web auction self-described as “charity fundraising”.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022