It's been a rough year for Robinhood, the ever-popular stock trading service that makes it easy for anyone to buy and sell shares. After exploding in popularity during GameStop's spike — yes, believe it or not, that was this year — it endured plenty of controversy and user anger to successfully go public a few months ago. It seems the app can't escape controversy, as it fell victim to a security breach late last week.

The incident, which Robinhood disclosed in a blog post today, explains that a "data security incident" affected some app users, with the attacker utilizing social engineering to access customer service systems. Five million email addresses, along with full names for two million other users, were among the information scraped by the hacker. Robinhood says 310 people in total faced more significant personal data breaches, including names, birthdays, and zip codes. Ten of those users had "extensive account details revealed," though it's unclear what this may mean. The company says it's reaching out to affected users with more information.

According to the blog post, social security numbers, bank account numbers, and debit cards were all unaffected, and all users avoided financial loss — this was purely a breach of information. The attacker reached out to Robinhood for payment in exchange for the stolen data, after which the company contacted law enforcement and external security firms.

As always, if you're a Robinhood user, you should go ahead and change your password just to be safe. Although the company didn't specifically mention passcodes as among the affected information, it's good practice after a breach like this. Robinhood also supports two-factor authentication, which you can set up by viewing the necessary steps on the app's support site.