The 2021 Robinhood hack affected around five million users, exposing their email addresses, full names, and other data. In a recent update, Vice confirmed that roughly 4,400 phone numbers were leaked too.
Vice Motherboard managed to get a copy of the stolen phone number from someone who presented themselves as a proxy for the hackers. The online magazine approached Robinhood and asked if the phone numbers belonged to its customers.
The company confirmed this, saying: “We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze.”
Robinhood went on to say that it doesn’t believe that the list contains any social security numbers or bank account information. It also claims that, to its knowledge, no one affected by the breach has experienced any financial losses.
Phone numbers are a commodity online. Robocall services will pay money for such lists to mass call their users. The reason can range from annoying telemarketing campaigns to dangerous phishing campaigns.
Since robocalling became commonplace, people often use reverse phone lookup services to check if the unknown caller is legitimate. Vice points out a bigger danger, though. 2FA people use to secure their accounts often requires a phone number as a second factor.
If hackers figure out how to reroute 2FA codes using a stolen phone number, they could potentially break into accounts. Any personal details one has online could put them in danger. Concerned users might want to remove their information from the internet.
In the case of data breaches, the information may be beyond a person’s reach. In such cases, those affected should secure their accounts. They can do that by changing any details that may have been leaked and including additional security factors.
The news of the leaked phone numbers has come quite late in the timeline of the hack. We don’t know whether it will be the last.