Posted on October 16, 2020 at 3:03 PM
Almost 2,000 Robinhood Markets accounts were compromised and had their customer funds siphoned off in the latest hacking spree, which suggests that the attacks were far more widespread than previously established.
A Far Greater Scope Than Originally Thought
Bloomberg obtained the estimated figure from a source with knowledge of the internal review, whose identity it did not make public.
It was just last week that the first reports of this hacking spree emerged, and the ever-popular online brokerage was stingy when it came to disclosing details. In its first statements, Robinhood said that a “limited number” of customers had been hit by a cyberattack.
The official explanation was that the hackers had breached users' personal email accounts outside of Robinhood. This is a story some have rejected and others have accepted, with no definitive way to prove who is right and who is wrong.
Lack Of Customer Support Hotline Felt
The attacks unleashed a wave of complaints from Robinhood users on various social media platforms. Numerous investors explained how they had tried to call the brokerage and failed, as it doesn’t have a customer service number.
The enigmatic source explained that Robinhood has decided to start considering the addition of a phone number, alongside other tools. With 13 million customer accounts, it’s honestly impressive that this only became a prevalent issue now rather than earlier.
In an official emailed statement, the company was quick to state that it always responds to its customers reporting suspicious or fraudulent activity. The statement went further, promising that they work as quickly as possible in order to complete investigations about the matter. Robinhood assured the public that the security of its customer accounts stands as one of its top priorities, and something it takes extremely seriously.
As the statement explained, Robinhood had sent users push notifications suggesting that they implement two-factor authentication on their accounts. The statement also made it clear that the company plans to give users more advice on their personal account security.
Something Isn’t Right
Issues started to pop up, however, when several victims began to claim that they found no evidence that a criminal had compromised their email accounts. Even more troubling, some claim that their brokerage accounts had two-factor authentication when they were illegally accessed.
One such victim, Lena Williams, is a human resources professional from Chicago. According to Williams, these hackers had gotten into her account a month prior, even though she had found no evidence of her email being breached. Alongside this, Williams had used two-factor authentication, but still found all her investments liquidated one day, and was subsequently locked out of her account, as well.
While Robinhood claims that it’s working quickly to solve customer grievances, Williams stated that she only had her messages returned on Thursday. This is troubling, as her account was hacked on the 10th of September, and she has been sending repeated emails as well as a Twitter message ever since.
A Badly-Made Fake ID
Another victim, one whose email actually had been compromised, is Miah Brittany Laino, who works at a home-improvement store in Arizona. She had two-factor authentication as well, and it reported that someone had been blocked from access on the 13th of September.
She changed her password, as instructed by Robinhood, and the firm stated that trading would be suspended until she provided an ID. However, she didn’t bother, as she figured the account would be safer disabled.
Lo and behold, early that next morning, a barrage of phone alerts notified her that someone had liquidated all her stocks—something she described to be akin to waking up to find your house on fire at 4 AM.
Without a customer support number, Laino emailed customer support. Initially believing she had no response, she checked the trash bin of her email, discovering that someone else had accessed it. This malicious actor had rigged it to automatically intercept messages sent by Robinhood.
On the 25th of September, Laino was called by customer support, learning that someone had submitted a fake identification of her in order to re-activate trading on her account. This forgery had a photo of a different person, her information, as well as a font not matching the official state IDs of Arizona.
As one would imagine, Laino isn’t pleased with Robinhood, even though it restored both her stock holdings and her account, and she is making plans to leave the firm in time.