With personal details, criminals can commit identity theft, open credit accounts in your name or hijack your social media accounts. Stealing private data is lucrative for thieves. And they just stole a ton of private data from the trading and investing app Robinhood. If you ever signed up for Robinhood, watch out. An enormous number of user email addresses are now for sale on a hacker forum. Keep reading to find out what you should do next.

Here’s the backstory

Threat actors leaked 7 million user emails, Bloomberg Wealth reports. Robinhood confirmed the breach, saying it occurred on Nov. 3. Hackers snatched all sorts of private information, including:

Email addresses of 5 million customers.
Full names of 2 million people.
The names, dates of birth and ZIP codes of a small group of around 310 victims.

In a blog post, Robinhood said that about 10 customers had “more extensive account details revealed” without saying what they included. The company will be contacting the affected customers with more information. The firm quickly explained that no Social Security numbers, bank account numbers or debit card numbers were part of the leak. Robinhood said it detected the breach in real-time and acted quickly to contain the damage. It notified local authorities, and a criminal investigation is ongoing.

What you should do after a breach

When your details are part of a security breach, the first thing to do is change your account password. It is scary to know that your personal information can be sold on the black market, but there are some things you can do to limit its misuse. Take these steps now to protect your valuable information:

Change your passwords. The most important step to take in protecting your data is to change your account password. If you use the same username and password on other services, you should change those too. And from now on, only use unique credentials for every account.

Check your financial statements. Following a security breach, keep an eye on your bank statements for any suspicious or unauthorized transactions. Immediately notify your bank if something is out of the ordinary.

Enable two-factor authentication. When available, always enable two-factor authentication (2FA). This adds another security step when logging into your account and is much harder to breach.

Check for unauthorized devices using your Robinhood account. The investment app allows you to view a complete list of devices you’ve used to log in. If you see a device that you don’t recognize, remove it from your account immediately. Here’s how to view and manage devices in the Robinhood app:

1. Tap the Account (person) icon in the bottom right corner.
2. Tap the Menu (three bars) on the top right corner of the screen.
3. Tap Security and Privacy.
4. Tap Devices.
5. Select a device to view further details.
6. Tap Remove Device if you want the device signed out of your account. Removing the device signs you out of it and may require you to verify it’s you the next time you sign in from it.

If you notice suspicious activity in your Robinhood account, contact the company ASAP through email at report@robinhood.com.
