The hacker behind last week’s Robinhood data breach is now selling the company’s customer data on a hacking forum.
Known as ‘pompompurin’, the threat actor – who also claimed responsibility for the recent hack on the FBI’s email system – is looking for a minimum offer of “five figures” for the “highly valuable” data, which includes seven million email addresses.
However, the threat actor emphasized that the sensitive data of 310 customers, such as name, date of birth, and zip code, will not be available to purchase “at this current point of time”.
The sensitive data was obtained through SendSafely, a file transfer system used by Robinhood to verify users’ identities when they set up an account. Out of the 310 customers who had had their ID cards stolen by ‘pompompurin’, 10 had more extensive details leaked.
The hacker criticized Robinhood for concealing the fact that the ID cards had been stolen, according to screenshots from the hacking forum obtained by BleepingComputer.