Robinhood stored some user credentials in plaintext
Robinhood, a popular stock trading and investment service with an app available on both Android and iOS, notified users whose account credentials were potentially stored on its servers in plaintext.
Some users were notified of this by email from Robinhood, which stated the following:
"When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your password may have been included.
We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team."
When asked for comment by TechCrunch, a Robinhood representative said the following:
"We swiftly resolved this information logging issue. After a thorough review, we found no evidence that this customer information was accessed by anyone outside of our response team. Out of an abundance of caution, we have notified customers who may have been impacted and encouraged them to reset their passwords. We take our responsibility to customers seriously and place an immense focus on working to ensure their information is secure."
Beyond this statement and the email notification, Robinhood would not divulge any other details about how the issue was discovered, how long credentials had been stored in plaintext, or how many users were impacted.
Change the password you used for Robinhood, and use a different password for each service. Password managers like LastPass and KeePass are a convenient way to do this.