Hillicon Valley — Robinhood breach exposes data on millions

Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: digital-release.thehill.com/newsletter-signup.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Popular trading platform Robinhood is in the spotlight this week after announcing that an “unauthorized party” accessed the data of more than 7 million customers, the latest in a string of major cyber incidents to hit U.S. companies this year. 

Meanwhile, state and local officials are cautiously celebrating the inclusion of $1 billion in cybersecurity funding in the infrastructure package that awaits President Biden’s signature, and Facebook announced a new policy that will somewhat limit advertisement targeting on its platform.

Let’s jump in.

 

Robinhood gets robbed

Trading platform Robinhood disclosed late Monday that an “unauthorized party” had stolen the data of over 7 million customers as part of a major data breach.

A lot of data: According to a blog post published on Robinhood’s website, the breach, discovered on Nov. 3, allowed the perpetrator to steal the email addresses of around 5 million Robinhood users, and the full names of a further 2 million individuals.

Around 310 individuals had their names, birth dates, and ZIP codes exposed as part of the breach, while 10 customers had “more extensive account details” revealed, according to Robinhood.

Robinhood stressed that no Social Security numbers, bank account numbers or credit card numbers were exposed in the breach, and that no customer had experienced a financial loss as a result. 

Investigation underway: The company has reached out to law enforcement, disclosed the breach in a filing with the Securities and Exchange Commission, and engaged the services of cybersecurity company Mandiant to help investigate the breach.

“Robinhood quickly contained the security incident and conducted a thorough investigation to assess the impact,” Charles Carmakal, senior vice president and chief technology officer of Mandiant, told The Hill in a statement. “Mandiant has recently observed this threat actor in a limited number of security incidents and we expect they will continue to target and extort other organizations over the next several months.”


State and local cyber officials rejoice 

State and local officials are celebrating the expected distribution of $1 billion in cybersecurity funds from the newly approved infrastructure deal, the biggest government investment in state and local cybersecurity to date.

Long wait: The funds were included in the $1.2 trillion infrastructure package that is awaiting President Biden’s signature after months of negotiations in Congress and years of advocacy from state and local governments, which have faced chronic shortages of resources to address increasing cyber threats. 

“We are elated,” Matt Pincus, director of Government Affairs at the National Association of State Chief Information Officers (NASCIO), told The Hill Monday.

“It’s a significant amount of money that has never existed before,” Pincus said. “Our members and other state and local government associations have been clamoring for the need for some sort of cybersecurity-specific funding stream available to local and state governments.”

The breakdown: The funds are set to be allocated over four years, with $200 million made available in 2022, $400 million in 2023, $300 million in 2024, and $100 million in 2025. 

The federal funds are set to be rolled out after a difficult few years, during which state and local governments have found themselves increasingly vulnerable to attackers as critical services moved online during the COVID-19 pandemic.


JOIN THE HILL’S VIRTUAL EVENT

Event Announcement—The Future of the Workplace—Wednesday, November 10 at 1:00 PM ET

COVID-19 will have lasting impacts on how we live, work, and communicate. Physical proximity is returning slowly, but new sensitivities about personal space will require new patterns of workplace interaction, and these changes will affect how and if we will return to the office. On Wednesday, November 10, Editor-at-Large Steve Clemons will be joined by Rep. Mary Gay Scanlon (D-Pa.), Rep. Victoria Spartz (R-Ind.), AFL-CIO Chief Economist William Spriggs, Institute for Women’s Policy Research President Nicole Mason and more to discuss what lies ahead for America’s workforce, its workplaces, and the economy. RSVP today.

FACEBOOK TO LIMIT (SOME) AD TARGETING

Advertisers on Facebook will no longer be able to target ads based on users’ interactions with topics such as race, religion and political affiliation, the social media giant announced Tuesday.

The change, which applies across the platforms of Meta, the new parent name for Facebook, will go into effect starting in January 2022.

The update will remove “detailed targeting” options related to topics “people may perceive as sensitive,” according to the company’s blog post.

For example, ads won’t be able to target based on sexual orientation using terms such as “same-sex marriage” and “LGBTQ culture,” or based on religious practices using terms such as “Catholic Church” and “Jewish holidays.” 

Targeting based on references to political beliefs, social issues, causes, organizations and figures will also be banned.


 

I CAN’T BELIEVE THIS APP IS FREE

Twitter announced Tuesday that it will bring its subscription-based “Twitter Blue” feature to the United States.

The paid subscription adds premium features to the platform, including the ability to undo tweets before they post, early access to upcoming features and an ad-free article reader.

The subscription costs $2.99 a month and is targeted at large accounts, long-term users and news junkies.

The feature was initially launched in Canada and Australia this past June.

Twitter Blue subscribers will be able to customize their in-app experience with themes, app icons and the option to personalize toolbars.


 

Tim Cook takes on tech critics

Apple CEO Tim Cook upped the ante Tuesday in his company’s long-running feud with Facebook by defending Apple’s anti-tracking privacy update, which the social media giant recently called out as a challenge to its own earnings. 

During The New York Times DealBook Summit, Cook spoke in support of an Apple feature that requires apps to ask users for permission before tracking them across platforms. Facebook, along with other tech companies, has cited the anti-tracking feature as a roadblock for its business.

“I don’t know about estimates, I can’t testify to those kind of numbers, but I think that from our point of view privacy is a basic human right and the people that ought to be deciding whether their data shared is the person themselves,” Cook said during an interview kicking off the summit. 

The Financial Times reported last week that the Apple update caused an estimated revenue loss of nearly $10 billion in the second half of the year for Snap, Facebook, Twitter and YouTube.

The feature was rolled out in April after delays. Facebook, which thrives off revenue from targeted ads, fiercely pushed back on the planned update, arguing in an ad campaign that it would hurt small businesses.


TOUGH DAY FOR XFINITY CUSTOMERS

Comcast Xfinity internet users experienced nationwide outages that began Monday night and lasted into Tuesday morning. 

“Earlier, some customers experienced intermittent service disruptions as a result of a network issue,” a Comcast spokesperson said in an email to The Hill. 

“We have addressed the issue and service is now restored for impacted customers, as we continue to investigate the root cause. We apologize to those who were affected,” the spokesperson added. 

Earlier on Tuesday, the company said on Twitter “due to unforeseen circumstances, we are experiencing widespread interruptions to the XFINITY Services.”


 

BITS AND PIECES

An op-ed to chew on: Facebook gets new corporate name, but societal carnage continues

Lighter click: Soup

Notable links from around the web:

‘Sincerely, Elizabeth Warren’: How lawmakers use letters to get their way (Protocol / Ben Brody)

Researchers uncover software flaws leaving medical devices vulnerable to hackers (CNN / Sean Lyngaas)

Why the rest of the world shrugged at the Facebook Papers (Rest of World / Staff)

You.com wants to remake the search engine (The Verge / Adi Robertson)

One last thing: Some Meta concerns

Facebook whistleblower Frances Haugen warned that the social media platform’s shift to developing a virtual reality world, known as the “metaverse,” poses new safety concerns.

Haugen, a former product manager at Facebook who leaked internal company documents last month, detailed her concerns in an interview with The Associated Press published Tuesday. 

“So beyond the fact that these immersive environments are extremely addictive and they encourage people to unplug from the reality we actually live,” she told the AP, “I’m also worried about it on the level of — the metaverse will require us to put many, many more sensors in our homes and our workplaces,” and relinquish more data and privacy.


That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Wednesday.
