Robinhood internal probe finds hackers hit almost 2,000 accounts

Robinhood internal probe finds hackers hit almost 2,000 accounts
Robinhood, with more than 13 million accounts, is considering whether to add a customer service phone number
OCT 15, 2020

Almost 2,000 Robinhood Markets accounts were compromised in a recent hacking spree that siphoned off customer funds, a sign that the attacks were more widespread than was previously known.

A person with knowledge of an internal review, who asked not to be identified because the findings aren’t public, provided the estimated figure.

When Bloomberg first reported on the hacking spree last week, the popular online brokerage disclosed few details. It said “a limited number” of customers had been struck by cybercriminals who gained access by breaching personal email accounts outside of Robinhood, an assertion that some of the victims acknowledge and others reject.

The attacks unleashed a torrent of complaints on social media, where investors recounted futile attempts to call the brokerage, which doesn’t have a customer service phone number.

Robinhood, which has more than 13 million customer accounts, is now considering whether to add a phone number along with other tools, the person said.

“We always respond to customers reporting fraudulent or suspicious activity and work as quickly as possible to complete investigations,” the company said in an emailed statement. “The security of Robinhood customer accounts is a top priority and something we take very seriously.”

This week, Robinhood sent push notifications to users suggesting they enable two-factor authentication on their accounts. It also plans to send customers more advice on security, according to the statement.

Several victims said they found no sign of criminals compromising their email accounts. And some said their brokerage accounts were accessed even though they had set up two-factor authentication.

Lena Williams, a human resources professional in the Chicago area, can’t figure out how hackers got into her account more than a month ago. She found no intrusion into her email and had set up two-factor authentication. But one day, she woke up to alerts that her investments were being sold, and she quickly discovered she was locked out of the account.

Robinhood has said it will work quickly with customers to secure their holdings. Williams said her account was hit Sept. 10 and that her repeated emails and a Twitter message weren’t returned until Thursday.

Miah Brittany Laino, who works at a home improvement store in Arizona, thought her account was safe for several reasons. She said two-factor authentication initially blocked someone from accessing it on Sept. 13. She then followed Robinhood’s instructions to change her password. The firm said it would prevent trading until she submitted her identification. She didn’t bother to send it in, figuring it would be safer to leave the account disabled.

Early the next morning she received a barrage of alerts on her phone. “It said ‘This stock sold. This stock sold. This stock sold,’” recalled Laino, 29. “It’s like if you wake up at 4 a.m. and your house is on fire.”

FAKE ID

Unable to find a phone number, Laino said she emailed customer support but received no response. Then she checked her email’s trash bin and discovered someone had accessed it, setting it up to intercept messages from Robinhood. Laino said she got a call from customer support on Sept. 25. That’s when she learned someone had created fake identification and submitted it to Robinhood to reactivate trading. The forgery had her information, a photo of a different person and a font that doesn’t match Arizona’s official state IDs.

Laino said Robinhood restored her account and stock holdings, but she still plans to eventually leave the firm.

“I don’t want to sell right now,” she said. “But I’m not going to put any more money into it. I don’t really trust them.”

Robert Riachi, 23, is still in limbo.

He said his email was compromised more than a week ago and that thousands of dollars went missing from his Robinhood account. Its customer support team asked him to provide ID, but Riachi said that since submitting it he hasn’t received updates. Each time he asked for one, he got a new case number and now has about 10 of them, he said, noting three are active.

Riachi, a software engineer in Montreal, said he had four years of savings in his account and doesn’t know whether they’re gone because he’s locked out. If he gets the money back, he plans to move his account to Charles Schwab Corp.

“I feel like my money could be put somewhere else, somewhere that has a human person that I can talk to,” Riachi said. “It’s kind of ridiculous that an investment app that’s handling people’s livelihoods, people’s money, has the audacity to make people wait several weeks to hear back anything.”

Latest News

Y Charts acquires Informa's Zephyr to bolster SMA analytics for advisors
Y Charts acquires Informa's Zephyr to bolster SMA analytics for advisors

The acquisition pairs Zephyr's 21,000-product separately managed account database with Y Charts' newly launched AI agent assistant for investment research.

Advisor moves: Raymond James, Ameriprise, and Janney announce additions in Florida
Advisor moves: Raymond James, Ameriprise, and Janney announce additions in Florida

The war for talent continues in the Sunshine State with as Truist and RayJay teams managing a collective $1 billion in client assets defect to other firms.

Retirement’s new magic number? Workers say they’ll need $1.2 million
Retirement’s new magic number? Workers say they’ll need $1.2 million

Americans now estimate they need $1.2 million to retire comfortably, but rising costs and debt are making that goal increasingly difficult to reach.

Can mega RIAs go public? Integration may decide it, veteran leaders say
Can mega RIAs go public? Integration may decide it, veteran leaders say

Crewe Advisors' Ryan Halliday and Accelerated Wealth Partners' Eric Amar suggest mega RIA's readiness to integrate — not just scale — will determine whether an IPO exit actually works.

IPOs pay off for Morgan Stanley and its advisors
IPOs pay off for Morgan Stanley and its advisors

Morgan Stanley was co-lead underwriter for SPCX, reportedly generating $100 million in investment banking fees.

SPONSORED Direct indexing webinar targets tax-loss harvesting amid market swings

Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income