Stock trading app Robinhood says user passwords were readable on internal systems

A Robinhood spokesperson told CyberScoop that the company has no evidence users' information was accessed.

Stock trading service Robinhood sent an email to users Wednesday informing them that user credentials were stored in an insecure format inside the company’s internal systems.

According to the email obtained by CyberScoop, the problem was discovered Monday night by the company’s security team.

“We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team,” the email reads.

A Robinhood spokesperson told CyberScoop that the company has no evidence users’ information was accessed, or that the issue meant user information was breached.

“Out of an abundance of caution, we have notified customers who may have been impacted and encouraged them to reset their passwords,” a Robinhood spokesperson told CyberScoop. “We take our responsibility to customers seriously and place an immense focus on working to ensure their information is secure.”

Robinhood would not divulge how the error was found or how many customers were impacted.

The incident is reminiscent of a similar issue social media giant Facebook revealed in March, in which an internal investigation uncovered that between 200 million and 600 million Facebook users may have had their passwords stored in plain text and searchable by more than 20,000 employees.

Robinhood allows users to make stock trades and buy cryptocurrency without commission fees. Earlier this week, the company announced a Series E funding round of $323 million.

The full email reads as follows:

When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your Robinhood password may have been included.

We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team. Out of an abundance of caution, we still recommend that you change your Robinhood password.

We take matters like this seriously. Earning and maintaining your trust is our top priority, and we’re committed to protecting your information. Let us know if you have any questions–we’re here to help.

Sincerely,
The Robinhood Team

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.
