On 9 October, Fintech startup Robinhood Markets Inc. stated that a few of their customer accounts may have been hacked. The reason was probably that personal email accounts had been compromised outside of their platform.
According to the company spokesperson, the probable hack is not a result of a fault in their systems. They have taken proactive measures to assure the security of the accounts.
However, recent findings show that almost 2000 customer accounts were compromised in a recent hacking spree that siphoned off customer funds. This implies the was not a singular, but rather a part of a widespread form of attack.
When the initial reports were posted last week, the popular online brokerage disclosed few details. They said that only “a limited number” of customer accounts had been struck by cybercriminals. They gained access by breaching personal email addresses outside of the Robinhood server, a fact that few victims agreed to, while others did not.
Robinhood has become very popular because of its ideas and implementation of popularising trading among millennials. The company systems have faced several outrages since March, owing to it’s unusually high traffic to its app and sudden spike in the number of day trade by retail investors.
In an email statement, the company said, “We always respond to customers reporting fraudulent or suspicious activity and work as quickly as possible to complete investigations. The security of Robinhood customer accounts is a top priority and something we take very seriously.”
This breach caused customers and followers to complain on social media, where investors recounted futile attempts to call the brokerage, which doesn’t have a customer service phone number. Robinhood is currently considering whether to add a phone number for customer service, along with other tools.
This week, Robinhood sent push notifications to their customers, alerting them to enable two-factor verification on their accounts. The company plans to send more advice on security to its customers.
Most victims said that they did not find any signs of intrusion in their accounts, or their email, but had just found unauthorized transactions, Lena Williams, a human resources professional in the Chicago area, woke up one day to see that all her investments were being sold and discovered she was locked out of her own account. Williams said that her account was hit on 10 September, but her repeated emails and her Twitter message were not answered until recently.
Fake IDs were used for Trading
Customers could not find a phone number, neither did they receive any answer to the mails sent to customer support. Miah Brittany Laino, who works at a home-improvement store in Arizona, was one of the victims. Her emails to customer support remained unanswered, but later she got a call from customer support on 25 September. It was informed that someone head forged fake documents and submitted them to Robinhood to reactivate trading. The forgery had her information, a photo of a different person, and a font that doesn’t match Arizona’s official state IDs.
Though Robinhood restored her account and stock holdings, Liano plans to leave the brokering company eventually. Robert Riachi, a young trader, is still in limbo. He said that his email was compromised a week ago, and thousands of dollars went missing. His account has been locked, and he plans to move his account to Charles Schwab Corp if he gets back the money.
With four years of his savings in that account, he has no idea how to get it back. He said, “I feel like my money could be put somewhere else, somewhere that has a human person that I can talk to. It’s kind of ridiculous that an investment app that’s handling people’s livelihoods, people’s money, has the audacity to make people wait several weeks to hear back anything.”