Dark web hackers say they hold access to 10,000 Robinhood accounts


Links to more than 10,000 email login credentials potentially connected to Robinhood accounts were up for sale this week.

The dark web is the underworld of the Internet, where cyber-criminals look for drugs, claim ransom, and engage in trafficking.

It's also where hackers can buy and sell email credentials used to get into customer accounts at Robinhood Markets, an online brokerage that has gained millions of customers this year, many of them young and buying stocks for the very first time.

Links to more than 10,000 email login credentials potentially connected to Robinhood accounts were available for sale this week, according to Bloomberg's analysis of dark web markets. The number of Robinhood-related emails outnumbers those for other brokerages by around 5-to-1, according to Eli Dominitz, Chief Executive Officer of Q6 Cyber, an e-crime research company that studied the prevalence of these advertisements on the dark web.

“If they find that Robinhood brings them more upside than trying to take cash from Bank of America, that’s what they’re going to do,” Dominitz said of cyber criminals, explaining why there may be more interest in Robinhood accounts than in those at other brokerages.

For months, Robinhood consumers complained that their accounts had been hacked and that they had failed to get the company to reply. An internal audit revealed that nearly 2,000 accounts had been compromised as a result of hacked emails, a source familiar with the matter said this month.

Robinhood points out that it is not the only brokerage that has been exposed to such attacks.

“It is not unusual for cyber criminals to attack clients of financial services firms by seeking to use data from the dark web,” Robinhood said in an emailed comment, noting that the info is always incorrect and that a compromised email alone is not enough to compromise a brokerage account.

The Trade Boom

The firm said that there are no signs that its networks have been hacked and that it employs a number of security measures, while urging customers to enable two-factor authentication. Robinhood has since promised to adequately refund customers if it determines that they have lost money due to illegal activity.

The availability of customer credentials on the dark web highlights the problem facing brokerages in the Covid-19 period, as the surge in internet trading has been matched by expanded opportunity for cyber criminals.

Bloomberg also found data related to nearly 1,000 TD Ameritrade Holding Corp. accounts on a marketplace called Slilpp, which is known for hawking stolen banking and financial-services credentials.

“Cyber criminals are continuously changing their strategies, and we are working very hard to keep one step ahead of them,” said TD Ameritrade spokesperson Christina Goethe in an e-mailed statement, adding that the firm still provides security measures, including two-factor authentication.

“Digital underground”

The data on dark web markets is generally reliable, but it is not clear if all the credentials are connected to actual trading accounts, according to Dominitz, who works with other financial companies to track the risks.

One of the newest listings offering keys to Robinhood accounts appeared on Wednesday, with each credential available for as little as $3.50.

“New DUMP Active Order Accounts! MAIL Access Only!”

Dominitz explained that a typical hack could work like this:

After buying access to the victim's email, the hacker requests a password reset for the brokerage account and then intercepts the email sent in response, effectively locking the owner out of the account until they notice a problem.

Some marketplaces offer other details that may provide another way to break into customer accounts. One of them advertised remote access to a laptop that had been compromised with ransomware and exposed an active Robinhood credential.

Shut out  

Robinhood user Ryan Bordner, an electrical engineer in Spokane, Washington, was among those whose email credential was offered on the dark web. Like several others, he woke up one morning in mid-August to find that he was shut out of his brokerage account.

Bordner, 30, said he later learned from an identity-theft protection provider that his email credential had ended up on the dark web after a June breach at another personal-finance application that he had set up years earlier and had forgotten about. The attacker used this access to reset the password of his brokerage account and route all emails from Robinhood to his trash folder.
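The sequence in Bordner's case, a mail rule that sends the brokerage's messages to the trash combined with a password reset, is something a mailbox audit can look for. The following is an added example, not part of the original article: the event fields, the `brokerage.example` domain and the sample records are constructed assumptions, not any provider's real log format.

```python
from datetime import datetime, timedelta

# Constructed sample mailbox audit events; the field names are assumptions,
# not any mail provider's real schema. brokerage.example is a placeholder.
EVENTS = [
    {"ts": "2024-01-10T03:02:11", "type": "rule_created",
     "rule": {"from_contains": "brokerage.example", "action": "move_to_trash"}},
    {"ts": "2024-01-10T03:05:40", "type": "mail_received",
     "sender": "security@brokerage.example", "subject": "Reset your password"},
    {"ts": "2024-01-10T09:00:00", "type": "rule_created",
     "rule": {"from_contains": "newsletter.example", "action": "move_to_folder"}},
    {"ts": "2024-01-20T12:00:00", "type": "mail_received",
     "sender": "security@brokerage.example", "subject": "Your monthly statement"},
]

HIDING_ACTIONS = {"move_to_trash", "delete", "archive_and_mark_read"}
RESET_PHRASES = ("reset your password", "password reset", "password was changed")


def hiding_rules(events, watched_domains):
    """Rules that hide mail from a watched sender domain from the inbox."""
    hits = []
    for ev in events:
        if ev["type"] != "rule_created":
            continue
        target = ev["rule"].get("from_contains", "").lower()
        if ev["rule"].get("action") in HIDING_ACTIONS and any(
                d.lower() in target for d in watched_domains):
            hits.append(ev)
    return hits


def takeover_alerts(events, watched_domains, window=timedelta(hours=24)):
    """Flag each hiding rule; escalate when a reset mail follows it in `window`."""
    alerts = []
    for rule_ev in hiding_rules(events, watched_domains):
        created = datetime.fromisoformat(rule_ev["ts"])
        needle = rule_ev["rule"]["from_contains"].lower()
        resets = [
            m for m in events
            if m["type"] == "mail_received"
            and needle in m["sender"].lower()
            and any(p in m["subject"].lower() for p in RESET_PHRASES)
            and timedelta(0) <= datetime.fromisoformat(m["ts"]) - created <= window
        ]
        alerts.append({"rule_ts": rule_ev["ts"], "reset_mails": len(resets),
                       "severity": "high" if resets else "medium"})
    return alerts
```

A hiding rule on its own is reported at medium severity, since the account owner may have created it; a reset mail from the same sender shortly afterwards raises it to high.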

Hacking is the latest headache for Robinhood, which was created seven years ago by Baiju Bhatt and Vlad Tenev and exploded in popularity this year as Americans stuck at home looked to make some cash during the pandemic. The no-fee brokerage app has also drawn customer complaints, with inexperienced buyers puzzled by the vagaries of stock options and margin lending and no one on the phone to help.

“We’re working around the board on customer service,” Tenev said in a CNBC interview this week. “We’ve made big investments and are going to make huge investments.”