
Robinhood Estimates Hackers Infiltrated Almost 2,000 Accounts (bloomberg.com) 19

An anonymous reader quotes a report from Bloomberg: Almost 2,000 Robinhood Markets accounts were compromised in a recent hacking spree that siphoned off customer funds, a sign that the attacks were more widespread than was previously known. A person with knowledge of an internal review, who asked not to be identified because the findings aren't public, provided the estimated figure. When Bloomberg first reported on the hacking spree last week, the popular online brokerage disclosed few details. It said "a limited number" of customers had been struck by cyber-criminals who gained access by breaching personal email accounts outside of Robinhood, an assertion that some of the victims acknowledge and others reject.

The attacks unleashed a torrent of complaints on social media, where investors recounted futile attempts to call the brokerage, which doesn't have a customer service phone number. Robinhood, which has more than 13 million customer accounts, is now considering whether to add a phone number along with other tools, the person said. This week, Robinhood sent push notifications to users suggesting they enable two-factor authentication on their accounts. It also plans to send customers more advice on security, according to the statement. Several victims said they found no sign of criminals compromising their email accounts. And some said their brokerage accounts were accessed even though they had set up two-factor authentication.

  • That's 0.02% of all accounts that were hacked. Obviously we would prefer none. However, if you are concerned that your account might be compromised, it's unlikely.
    • I'm not surprised some of the hacked users deny password recycling too. Hopefully Robinhood refunds their money. If not, I hope they learned a lesson.
    • by rtb61 ( 674572 )

      I'll bet it is more like, Robinhood (robbing from the poor and giving to the rich, themselves) are only willing to accept the 2000 accounts with the lowest losses as hacks, all the others, nope, nuh, uh, that was the customer and they will fight it in court to bankruptcy, as they try to suck as much capital out of the company they can, ohh, look it got hacked too and all its cash reserves were 'er' 'um' stolen, so bankruptcy and bad luck for everyone. They are dead, who would be stupid enough to trust them.

  • Fail (Score:4, Insightful)

    by Aighearach ( 97333 ) on Thursday October 15, 2020 @06:21PM (#60612412)

    Well, of course they're considering adding a phone number, they thought that not even trying meant they couldn't get in any trouble for doing it wrong, and then their lawyers explained the word "gross" in "gross negligence" to them.

    You were holding the money. You were unreachable when your customers tried to report ongoing attacks that would cost them additional money. You are the one who got hacked, actually, not the customers. Criminals accessed your computer systems and took the money out, that you were in either deposit or trust. Expensive.

    Be nice about paying them back, they can't add punitive damages if you make everybody whole! That's your only way out.

    • by AvitarX ( 172628 )
      I appreciate them.

      They allow for using an authentication code for 2FA and I can't find a way to bypass it. This means I am immune from SIM hijacking if I choose to be.

      With Vanguard, for example, if I log in with a mobile browser it reverts to SMS based 2FA even though I have chosen to not use that method.

      Robinhood actually enforces the security I request.
    • It'll probably just route you to the phone tree.

      Cuz you know, Sherwood Forest and all.

  • Wasn't he supposed to be taking from the rich to give to the poor? What happened to the guy?

    How far the band of Merry Men have fallen if they are reduced to stealing from the common man's brokerage account..

  • by quonset ( 4839537 ) on Thursday October 15, 2020 @06:24PM (#60612424)

    which doesn't have a customer service phone number.

    More and more companies, even the big ones, are forgoing anything resembling ease of customer service in favor of either offshoring to script kiddies or some nebulous form which might possibly get to someone who might possibly be able to help you. After a few dozen back and forth emails over a day or two.

    Because picking up the phone and talking to someone to get the full story is so passe.

    • ...Because picking up the phone and talking to someone to get the full story is so passe.

      Much like acceptable customer service.

  • modern times (Score:3, Insightful)

    by anonimouser ( 7067209 ) on Thursday October 15, 2020 @06:30PM (#60612448)
    It is called modern times. A company that flouts SEC regulations advertises themselves as investment for the masses, giving people the ability to do options even though they know absolutely nothing (you are supposed to apply to have options, and the brokerage has to evaluate your aptitude) because in Robinhood you don't even have to know what a share means (you can buy in dollar amounts, whatever that means). Robinhood has caused some people to commit suicide because they lost huge amounts of money (the kid actually didn't lose that much, he just didn't realize it because he doesn't know how to interpret numbers), has frozen when there was peak trading in March, and apparently doesn't even have a phone number where you can reach people. It is ripe for hacking, an app catering to dummies and made by dummies. But the SEC doesn't care, because they have stopped regulating months ago (e.g. Elon Musk's tweets are supposed to be reviewed first, but he doesn't care and apparently there is no punishment for not following the punishment imposed by not following the rules).
    • by Tablizer ( 95088 )

      Their mission changed. Steal from the honest middle class and give to the dishonest middle class.

  • I just logged into my account to look and even though I turned on 2FA a while back it was disabled on my account. Not a good sign.

  • robinhood ... now considering whether to add a phone number along with other tools

    I hope all robinhood users are considering whether to add a 'broker' with a phone number.
