Dark web hackers offer to sell more than 10,000 login keys to Robinhood’s online stock-trading accounts
- Access to more than 10,000 email login credentials allegedly tied to Robinhood accounts was up for sale this week, according to a Bloomberg review of dark web marketplaces
- Robinhood-related emails outnumber those for other brokerages by about 5-to-1, analysts say
Access to more than 10,000 email login credentials allegedly tied to Robinhood accounts was available for sale this week, according to a Bloomberg review of dark web marketplaces. Robinhood-related emails outnumber those for other brokerages by about 5-to-1, according to Eli Dominitz, chief executive officer of Q6 Cyber, an e-crime intelligence firm that analysed the prevalence of these advertisements on the dark web.
Robinhood emphasised that it’s not the only brokerage subject to such attacks.
The firm said there are no signs its systems were breached and it employs several security measures, while encouraging customers to enable two-factor authentication. Robinhood has also promised to fully compensate customers if the company determines they lost money because of unauthorised activity.
The availability of client credentials on the dark web highlights the challenge brokerages face in the Covid-19 era, as a boom in online trading has been accompanied by increased opportunities for cybercriminals.
Bloomberg also found data linked to almost 1,000 TD Ameritrade Holding accounts on a marketplace called SlilPP, which is known for hawking stolen banking and financial-services credentials.
“Cyber criminals are constantly evolving their tactics, and we work very hard to stay one step ahead of them,” TD Ameritrade spokeswoman Christina Goethe said in an emailed statement, noting that the company also offers security measures, including two-factor authentication.
The data peddled on dark web marketplaces is typically accurate, though it’s unclear whether all of the credentials are tied to genuine brokerage accounts, according to Dominitz, who works with other financial firms to monitor threats.
One of the latest offers of access to Robinhood accounts came Wednesday, with each credential available for as little as US$3.50.
“Fresh DUMP Active accounts with orders! MAIL access only!”
Dominitz explained a typical hack may work like this:
After commandeering a victim’s email, the thief requests a new password for the brokerage account and then intercepts the email sent in response, effectively locking out the account owner before they notice a problem.
Some marketplaces are selling other information that could provide a different way of hacking into customer accounts. One of them advertised remote access to a laptop that had been infected with malware, revealing active Robinhood credentials.
Robinhood customer Ryan Bordner, an electrical engineer in Spokane, Washington, was among those whose email credentials were sold on the dark web. Like many others, he woke up one morning in mid-August to find he was locked out of his brokerage account.
Bordner, 30, said he later learned from an identity-theft protection service that his email credentials wound up on the dark web following a June breach of another personal-finance app he had set up years earlier and forgotten about. The intruder used that access to change the password of his brokerage account and route all emails from Robinhood to his trash folder.
Hacking has been the latest headache for Robinhood, which was founded seven years ago by Baiju Bhatt and Vlad Tenev and has exploded in popularity this year as Americans stuck at home look to make some money during the pandemic. The no-fee brokerage app has also attracted consumer complaints, with novice investors confused by the vagaries of stock options and margin loans and no one to reach for help by phone.
“We’re working on customer support across the board,” Tenev said in a CNBC interview this week. “We’ve made huge investments and are continuing to make huge investments.”
Now, even though the firm said it has more than doubled its customer-service team this year, clients complain they’ve struggled to get quick help when their funds are disappearing.
“It was hands-down the worst experience when it comes to customer service,” said Bordner, who only resolved the issues after his account was locked for more than a month.
Meanwhile, the email accounts of Robinhood customers continue to entice hackers, and Dominitz said the problem may be “a hell of a lot” bigger than the 2,000 cases identified during the firm’s internal probe.
“Maybe that’s what they’ve been able to detect internally,” he said. “Maybe that’s what they’re seeing unauthorised activity on already, but that doesn’t mean that is the full scope of what’s been compromised.”