Logins for 10,000 Robinhood Investment Accounts for Sale on the Dark Web - Could One of Them Be Yours?
- By Dawna M. Roberts
- Published: Nov 02, 2020
- Last Updated: Mar 18, 2022
On October 30, Bloomberg reported that criminals posted an ad on the dark web claiming to have more than 10,000 Robinhood investment accounts for sale. Robinhood is an investment platform with web access and a mobile app.
What Happened?
In mid-October, an article on Investopedia outlined numerous complaints from Robinhood users who reported being hacked and looted. Approximately 2,000 accounts were identified in the breach, and victims told reporters that they had set up extra protection within the apps. When pressed by Investopedia, Robinhood responded with, “A limited number of customers appear to have had their Robinhood account targeted by cybercriminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood. We’re actively working with those impacted to secure their accounts. This was not stemming from a breach of Robinhood’s systems.”
The Problem
The problem is that users claim it’s not about their email accounts, but the system itself, and their pleas for help from Robinhood support have fallen on deaf ears. However, in a blanket response, on October 16th, Robinhood sent out push notifications and emails to users urging them to set up two-factor authentication and strengthen their passwords, along with other cybersecurity tips to keep their accounts safe.
Robinhood’s 13 million customers must use an automated support system; there is no way to call into support if their account is hacked. A spokesperson from Robinhood commented that “Whenever we are made aware of account issues, we work directly with customers to resolve any issues as quickly as possible.” The Robinhood spokesperson states, “If we determine through our investigation that the customer has sustained losses because of unauthorized activity, we will compensate the customer fully for those losses.”
Experts point the finger at Robinhood for having subpar security measures, unlike other investment firms. For example, Robinhood does not verify changes with bank accounts. So if a hacker gains access, they can easily add a new bank account and transfer the funds from the victim’s account into their new one without the owner ever being notified.
The Dangers of Online Investing
Online investing has increased considerably since the pandemic. Hackers have started targeting vulnerable apps and systems like Robinhood to take advantage of the influx of new cash available from young, inexperienced investors.
During the 2000s, investment groups experienced a variety of breaches due to unencrypted data and insecure apps. The big brokerage firms immediately took steps to secure their systems to avoid any further cyber attacks. In the wake of these severe data breaches and the loss of millions of dollars, quite a few top investment agencies now offer security guarantees.
Firms like Charles Schwab and Fidelity promise to cover 100% of losses due to a data breach or hacking incident. However, along with this promise, clients are expected to secure their accounts following the firm’s suggested guidelines. Some of these guarantees offer reimbursement for some accounts, but read the fine print; some credit and debit card accounts are not covered.
Another firm, Interactive Brokers, uses a highly sophisticated security system called Secure Login System that employs two-factor authentication with tokens to keep its vast client base safe. It offers both hardware device tokens and mobile app authentication using software tokens for an extra layer of security. The clients who sign up for the Secure Login System can withdraw their funds more often than those who do not.
How to Keep Your Investment Accounts Safe
Keeping your online life safe can feel like a full-time job. However, with a few tweaks to your security habits, you can drastically lower your chances of being hacked or becoming a victim of identity theft and fraud. Some tips to keep your investment accounts safe are:
- Always sign up for two-factor authentication, so you receive a text alert whenever a change occurs with your account or someone tries to log in.
- Use highly complex, long, strong passwords on your investment accounts.
- Use a password vault to store and generate strong passwords.
- Never share your login credentials with anyone.
- Do not use the same password on multiple websites or accounts.
- Never click on links in an email. Instead, use your browser to visit the website and log in from there.
- Secure your home network with a good firewall.
- Install and frequently run robust antivirus/anti-malware software on all your devices.
- Keep your devices up to date with the latest security patches.
- Never access your investment accounts from public Wi-Fi or hotspots.
With a little work, you can sleep better knowing your investments are safer and more secure from hackers.