Robinhood stored some user credentials in plaintext

Written 10 months ago by IanDorfman

Robinhood, a popular stock trading and investment service with an app available on both Android and iOS, notified users whose account credentials may have been stored in plaintext on its servers.

Some users were notified of this via email correspondence from Robinhood, which stated the following:

"When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your password may have been included.

We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team."

When asked for comment by TechCrunch, a Robinhood representative said the following:

"We swiftly resolved this information logging issue. After a thorough review, we found no evidence that this customer information was accessed by anyone outside of our response team. Out of an abundance of caution, we have notified customers who may have been impacted and encouraged them to reset their passwords. We take our responsibility to customers seriously and place an immense focus on working to ensure their information is secure."

Outside of this correspondence and the notification sent via email, Robinhood would not divulge any other details about how the issue was discovered, how long this practice of storing credentials in plaintext had been occurring, or how many users were impacted by the issue.

Make sure to change the password you used for Robinhood, and make sure to use different passwords for different services. Password managers like LastPass and KeePass are convenient ways to make sure you can do this.

Further coverage:
TechCrunch