Robinhood, which has helped popularize trading among millennials thanks to its “zero-cost” trading model, has seen multiple outages since March. This is due to a recent upsurge in day trade by retail investors resulting in higher-than-usual traffic to its app.
“A limited number of customers appear to have had their Robinhood account targeted by cyber criminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood,” a Robinhood spokesman said in an email. “We’re actively working with those impacted to secure their accounts.”
While Robinhood says that it's working with affected customers, some of these customers are saying otherwise. They claim that the company’s response has left them in limbo in recent weeks.
Worse, since the company has no emergency phone number, they say that they've been unable to intervene while they see their money vanish.
“They don’t have a customer service line, which I’m quite shocked about,” exclaimed Soraya Bagheri, who saw her 450 shares in Moderna Inc. liquidated and $10,000 withdrawn from her account due to the hacks.
According to Bagheri, a Washington attorney, when she tried alerting the company to what she believed was a theft in progress, all she got was an email saying that the firm would investigate and respond within “a few weeks.”
Pruthvi Rao, a Chicago software engineer who saw his Netflix stocks liquidated and $2,850 withdrawn, also said that he got the same email.
“We understand the sensitivity of your situation and will be escalating the matter to our fraud investigations team,” read the email which Rao showed to Bloomberg. “Please be aware that this process may take a few weeks, and the team working on your case won’t be able to provide constant updates.”
This slow response has understandably left many affected customers frustrated.
“They’ve had more than enough time to deal with this,” said Bill Hurley. The metal-fabrication shop owner said that he had emailed Robinhood when he noticed that stock had been sold from his account and $5,000 was being transferred out in two pending transactions. Hurley, however, said that he did not receive any response from the company at that time.
Hurley, Bagheri and other victims of the hack have since reached out to the Securities and Exchange Commission (SEC) for help.
Alongside frustration at Robinhood’s customer support, affected users like Bagheri and Rao are disputing the company’s claim that the hacks were not caused by an attack on their system.
Both Bagheri and Rao claim that Robinhood’s assertion that their emails were hacked is false.
Bagheri stated that she was certain that her Robinhood password was unique from her other passwords, including her email. Meanwhile, Rao said that he had set up two-factor authentication to access his account.
Neither believed that they had been the victims of malware or phishing scams. More importantly, both said that they used the same email for Robinhood and other accounts but that only their Robinhood account had been affected.
Whether or not this really is the case and Robinhood's security has been breached is currently unknown as of reporting time.
What isn't unknown, however, is where the money is going. Robinhood's own online portal shows that the money of the affected users was transferred to other online fintech apps. One of these is the London-based Revolut, which also offers “zero-cost” trading, similar to Robinhood.
“Revolut has been made aware of the issue and is investigating urgently,” a company spokesman wrote in an email.
Follow Risk.news for more on the possible dangers of online investment.
Sources include: