Robinhood users are reporting that their stock-trading accounts have been looted, with unwanted trades and withdrawals racked up in their names, and that Robinhood itself has offered little support.
Robinhood is a popular stock-trading app whose use and popularity skyrocketed in 2020. It is a no-fee trading platform, meaning users can buy and sell stocks (among other things) without commissions. Recently, however, various Robinhood users have reported the same pattern: they suddenly find their accounts completely drained, with the account history showing that someone sold off all their investments and withdrew the proceeds.
Exacerbating the problem is the fact that Robinhood has not offered much support. There is no direct phone number to call, and the messages affected users have received estimate a wait time of weeks before any issue is resolved, a long time for those who have lost thousands of dollars from their accounts.
Robinhood has pointed users to 2FA and recommended enabling it, but some victims say they already had 2FA enabled and that they used a unique email address and password for their Robinhood account (meaning the credentials could not have been leaked through some other data breach).
Evidence has shown that the withdrawn funds went to accounts opened with Revolut, a London-based finance app. Revolut is currently investigating as well.
If you have a Robinhood account, enable 2FA. Whether these attacks are part of some larger hack or were simply made possible by information leaked in earlier data breaches is not known, but having 2FA on for your important accounts, especially financial ones, is highly recommended.
We also noticed that the Robinhood web app login does not prevent password guessing: an attacker can submit as many passwords as they want for an account without being locked out. This makes account takeover even easier, because the attacker only needs the victim's email address and, given enough time, will eventually hit the right password.
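The control that the login described above lacks, as an added example that is not Robinhood's code: a per-account failed-login throttle with a sliding window and a temporary lockout. The limits, the `clock` parameter and the `password_ok` flag (standing in for a real password check) are assumptions for illustration.

```python
from collections import defaultdict, deque
import time

MAX_FAILURES = 5        # failed attempts allowed inside the window (assumed limit)
WINDOW_SECONDS = 600    # sliding window over which failures are counted
LOCKOUT_SECONDS = 900   # how long the account stays locked once the limit is hit


class LoginThrottle:
    """Tracks recent failed logins per account and locks the account temporarily."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock                  # injectable clock so behaviour is testable
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}              # account -> time at which the lockout expires

    def _prune(self, account, now):
        # Drop failures that have aged out of the sliding window.
        q = self.failures[account]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()

    def is_locked(self, account):
        now = self.clock()
        until = self.locked_until.get(account)
        if until is None:
            return False
        if now >= until:                    # lockout expired: reset and allow attempts
            del self.locked_until[account]
            self.failures[account].clear()
            return False
        return True

    def record_failure(self, account):
        now = self.clock()
        self._prune(account, now)
        self.failures[account].append(now)
        if len(self.failures[account]) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS

    def record_success(self, account):
        self.failures.pop(account, None)    # a good login clears the failure history


def attempt_login(throttle, account, password_ok):
    """Return 'locked', 'ok' or 'fail'. The lock is checked before the password so a
    locked account answers identically whether or not the guess was correct."""
    if throttle.is_locked(account):
        return "locked"
    if password_ok:
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "fail"
```

A per-account lock alone lets an attacker deny service to a victim by deliberately failing logins, so production systems pair it with per-IP or per-device limits and a step-up challenge rather than relying on lockout by itself.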
To learn more, check out the Bloomberg article here.