Stock Trading App Robinhood Says User Passwords were Readable on Internal Systems (Jul 24, 2019)
The stock-trading application “Robinhood” has confirmed that its security team detected on July 22, 2019 that the application was storing usernames and associated passwords in plain text inside the company’s systems. A spokesperson for Robinhood stated that customers who may be affected by this incorrect data storage were notified by email and that, as of this writing, it appears that the data was not accessed by anyone who was unauthorized.
Recommendation: It is crucial that your company has password policies in place to avoid password reuse across accounts and passwords that can be easily brute-forced. Education is the best defense. Using secure and unique passwords for all online accounts is important, as penetration-testing tools that threat actors could use for malicious purposes are freely available.