US share-trading app Robinhood has been hit by a security breach that has exposed the names or email addresses of more than seven million people, BBC reported.
And it does not believe the most sensitive information it gathers - US social security numbers and financial information - was revealed.
Robinhood said it had rejected a demand for payment and reported the attack.
Such ransom demands are not uncommon in cyber-attacks.
Instead of complying with what it called "extortion", Robinhood hired an external cyber-security firm to help deal with the incident.
The breach happened on 3 November through what's known as "social engineering".
Robinhood also said a much smaller group of about 310 people had much more information exposed - including names, dates of birth, and US zip codes.
A further 10 or so had "more extensive account details revealed", it said.
Robinhood is available only to US users and requires them to be over 18, provide a valid social security number, and a valid US address.
The app, which allows for low-volume share trading by ordinary people looking to invest, exploded in popularity earlier this year and was widely used by speculative investors behind the GameStop trading frenzy.