"I Don't Really Trust Them": 2,000 Robinhood Accounts Hacked, Some Had Funds Siphoned To External Accounts

Almost 2,000 Robinhood accounts have been compromised by hackers who stole users funds, according to a person with knowledge of an internal review that took place at the company. 

Days ago we published  a story about Robinhood users who had seen their accounts looted and were at their wits' end with the company's customer service. Many affected claimed they were unable to contact anyone at the company after logging into their accounts and seeing their funds siphoned to external accounts. Robinhood claimed it was only “a limited number” of accounts that had been affected. 

Now, Bloomberg notes that these users weren't just one-offs, but rather part of a larger group of customers who had been compromised. Some users said they saw no signs of hacking and had two-factor authentication enabled on their phones for extra protection. 

One user, Miah Brittany Laino, said that two factor stopped one person from accessing her account on September 13 and then, after following Robinhood's suggestion to change her password, her account was still hacked. The next morning she woke up to a nightmarish barrage of messages: “It said ‘This stock sold. This stock sold. This stock sold.’ It’s like if you wake up at 4
a.m. and your house is on fire.”

She said she received no response from the company and was unable to find a customer service phone number. She got a call from Robinhood on September 25, she said, informing her someone had created a fake ID under her name to re-activate her account, which had already been locked down for security reasons.

Robinhood eventually restored her money and her stock, but she says she will likely leave the brokerage: “I don’t want to sell right now. But I’m not going to put any more money into it. I don’t really trust them.”

Another customer, Robert Riachi, says his account is still "in limbo". He told Bloomberg that "thousands of dollars" had gone missing from his account and that the company has assigned him 10 different case numbers, even after submitting his ID to try and straighten out the issue. He had four years of savings in his account and says he will move to Schwab when he gets his money back.

“I feel like my money could be put somewhere else, somewhere that has a human person that I can talk to. It’s kind of ridiculous that an investment app that’s handling people’s livelihoods, people’s money, has the audacity to make people wait several weeks to hear back anything,” he said.

Bill Hurley, who lost $5,000 from the same type of hack, simply said last week that Robinhood has "had more than enough time to deal with this". 

Another user, Pruthvi Rao, said his Netflix shares were liquidated from his account and $2,850 was withdrawn from it. He said last week he had sent "more than a dozen" email to Robinhood and has tried to even message some of the brokerage's executives on LinkedIn. His account was frozen by Robinhood due to the activity and has since been reinstated. 

Rao said last week: “I’m in tremendous mental stress right now because this is all of my savings.”

Recall, earlier today we noted that Robinhood appeared to be taking the "friendly" step of once again allowing its user data to be collected for purposes of disclosing how many of its users hold which securities. 

Recall, it was about two months ago we noted that Robinhood was going to stop sharing its user data, effectively shutting down RobinTrack.net - a site that was being used to monitor the holdings of retail customers. The site was popular with the investing public - and especially by hedge funds and institutions who would scrape and monitor its data to get a pulse on the markets.

Perhaps the concession was an olive branch in advance - but maybe Robinhood needs to focus more on protecting its user data instead of giving it away, given this newest story.