BACKGROUND:
The Verge say Robinhood has revealed that “several thousand entries” in a list obtained by hackers included phone numbers, indicating that a November 3rd security breach compromised more information than the company originally reported. More precisely, the list contains around 4,400 phone numbers according to Motherboard, which reportedly obtained the list from a “proxy for the hackers.”
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>As more data is found to have been compromised in this attack, it highlights that in the aftermath of any attack it can often be days before the full extent of what leaked information is known. Naturally, customers of Robinhood must now be more alert to scams and social engineering but SIM swapping attacks often occur without any knowledge of the victim so extra security can be placed on their telecoms provider account. Many people will use a PIN code to pass security so it is vital that this code is not related to the victim in any way such as an notable year or birthday. </p>
<p>Once phone numbers are leaked they are quickly attached by other known pieces of information connected with your profile and it is very difficult to stop this. It is therefore important to be aware of how follow up attacks work and that messages purporting to be from known contacts or businesses may still look very convincing yet be the beginnings of the second part of the scam.</p>