The online trading platform Robinhood suffered a breach earlier this month as a result of a member of their support team being successfully phished.
While specific details aren’t available at the time of writing, Robinhood are to be commended for their transparency and openness around the attack.
This shows the continued threat of phishing attacks in gaining a foothold/beachhead in a larger or more sophisticated attack.
Frustratingly, a combination of training, testing and better internal processes could likely have prevented the breach. As a fintech (financial technology) business, Robinhood are likely to have excellent technical security controls, patching schedules, red/blue teams, etc. in place, but it seems they may have neglected other aspects of a security strategy.