Nearly 2000 accounts of the trading app Robinhood have been hacked, according to an admission issued by them, downplaying the number as “limited”. The platform itself was not targeted directly.
Personal e-mails of the app users have been compromised and hackers gained access to the accounts through those e-mails.
Robinhood issued a statement:
“We always respond to customers reporting fraudulent or suspicious activity and work as quickly as possible to complete investigations. The security of Robinhood customer accounts is a top priority and something we take very seriously.”
The app also noted that users should enable two-factor authentication on their accounts and that when a customer notifies them of a potential breach on an account they restrict said account, investigate the unauthorized access, log the user out on all devices and request a password reset.
Further reports, however, also note that some of the breached accounts did have two-factor authentication.
Source (https://www.forexbrokerz.com/news/nearly-2000-robinhood-accounts-hacked)
That last bit is very concerning - how did they manage to overcome the two-factor authentication?