Hackers say they hold keys to 10,000 Robinhood accounts

Hackers say they hold keys to 10,000 Robinhood accounts
Robinhood-related emails up for sale on the dark web reportedly outnumber those for other brokerages by about 5-to-1
OCT 30, 2020

The dark web is the underbelly of the internet, where cybercriminals hunt for drugs, demand ransom and engage in trafficking.

It’s also where hackers can buy and sell email credentials to access customer accounts at Robinhood Markets, the online brokerage that has drawn millions of users this year, many of them young and trading stocks for the first time.

Access to more than 10,000 email login credentials allegedly tied to Robinhood accounts were available for sale this week, according to a Bloomberg review of dark web marketplaces. The number of Robinhood-related emails for sale outnumber those for other brokerages, by about 5-to-1, according to Eli Dominitz, chief executive of Q6 Cyber, an e-crime intelligence firm that analyzed the prevalence of these advertisements on the dark web.

“If they feel that Robinhood gives them greater upside than trying to steal money from Bank of America, that’s what they’re going to do,” Dominitz said of the cybercriminals and why there may be more demand for Robinhood accounts than those of other brokerages.

Robinhood customers have complained for months that their accounts have been hacked and that they’ve struggled to get the company to respond. An internal investigation found almost 2,000 accounts were compromised as a result of hacked emails, a person familiar with the matter said this month.

Robinhood emphasized that it’s not the only brokerage subject to such attacks.

“It is not uncommon for cyber-criminals to target customers of financial-services companies by attempting to use information sourced from the dark web,” Robinhood said in an emailed statement, adding that the information is often inaccurate and that a stolen email alone isn’t enough to compromise a brokerage account.

TRADING BOOM

The company said there are no signs that its systems were breached and that it employs several security measures, while encouraging customers to enable two-factor authentication. Robinhood has also promised to fully compensate customers if the company determines they lost money because of unauthorized activity.

The availability of client credentials on the dark web highlights the challenge brokerages face in the COVID-19 era, as a boom in online trading has been accompanied by increased opportunities for cybercriminals.

Bloomberg also found data linked to almost 1,000 TD Ameritrade Holding Corp. accounts on a marketplace called SlilPP, which is known for hawking stolen banking and financial services credentials.

“Cyber criminals are constantly evolving their tactics, and we work very hard to stay one step ahead of them,” TD Ameritrade spokeswoman Christina Goethe said in an emailed statement, noting that the company also offers security measures, including two-factor authentication.

‘DIGITAL UNDERGROUND’

The data peddled on dark web marketplaces are typically accurate, though it’s unclear whether all of the credentials are tied to genuine brokerage accounts, said Dominitz, who works with other financial firms to monitor threats.

One of the latest offers to buy access to Robinhood accounts came Wednesday, with each credential available for as little as $3.50: “Fresh DUMP Active accounts with orders! MAIL access only!”

Dominitz explained a typical hack may work like this:

After commandeering a victim’s email, the thief requests a new password for the brokerage account and then intercepts the email sent in response, effectively locking out the account owner before they notice a problem.

Some marketplaces are selling other information that could provide a different way of hacking into customer accounts. One of them advertised remote access to a laptop that had been infected with malware, revealing active Robinhood credentials.

LOCKED OUT

Robinhood customer Ryan Bordner, an electrical engineer in Spokane, Washington, was among those whose email credentials were sold on the dark web. Like many others, he woke up one morning in mid-August to find he was locked out of his brokerage account.

Bordner, 30, said he later learned from an identity-theft protection service that his email credentials wound up on the dark web following a June breach of another personal finance app he had set up years earlier and forgotten about. The intruder used that access to change the password of his brokerage account and route all emails from Robinhood to his trash folder.

Hacking has been the latest headache for Robinhood, which was founded seven years ago by Baiju Bhatt and Vlad Tenev and has exploded in popularity this year as Americans stuck at home look to make some money during the pandemic. The no-fee brokerage app has also attracted consumer complaints, with novice investors confused by the vagaries of stock options and margin loans and no one to reach for help by phone.

“We’re working on customer support across the board,” Tenev said in a CNBC interview this week. “We’ve made huge investments and are continuing to make huge investments.”

‘WORST EXPERIENCE’

Now, even though the company says it has more than doubled its customer-service team this year, clients complain they’ve struggled to get quick help when their funds are disappearing.

“It was hands-down the worst experience when it comes to customer service,” said Bordner, who only resolved the issues after his account was locked for more than a month.

Meanwhile, the email accounts of Robinhood customers continue to entice hackers, and Dominitz said the problem may be “a hell of a lot” bigger than the 2,000 cases identified during the firm’s internal probe.

“Maybe that’s what they’ve been able to detect internally,” he said. “Maybe that’s what they’re seeing unauthorized activity on already, but that doesn’t mean that is the full scope of what’s been compromised.”

Latest News

 Younger Americans fear AI's retirement impact, Thrivent finds
Younger Americans fear AI's retirement impact, Thrivent finds

AI-driven job fears are weighing on retirement confidence, especially among Gen Z and Millennials, Thrivent survey finds

FINRA spanks Centaurus with $1.1 million penalty over variable annuity switches
FINRA spanks Centaurus with $1.1 million penalty over variable annuity switches

It’s the second time in as many years regulators have penalized Centaurus Financial for lack of compliance with Reg BI.

Wells Fargo touts AI Teammate to streamline advisors’ workloads
Wells Fargo touts AI Teammate to streamline advisors’ workloads

AI Teammate is embedded within Wells Fargo’s Advisor Gateway desktop platform.

Advisor moves: &Partners reels in $524M RayJay team, Focus firm Eton Advisors welcomes Northern Trust alum
Advisor moves: &Partners reels in $524M RayJay team, Focus firm Eton Advisors welcomes Northern Trust alum

Elsewhere, Ameriprise added a $470 million Wells team in New York, while an ex-Morgan Stanley advisor bolsters UBS' Austin, Texas office.

The exit planning conversations advisors need to have with business owners
The exit planning conversations advisors need to have with business owners

Financial advisors play an essential role in helping small business owners navigate their transition out of the company — and into retirement.

SPONSORED Direct indexing webinar targets tax-loss harvesting amid market swings

Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income