Stock Trading App Robinhood Stored Passwords in the Clear
The Robinhood stock investing and trading app recently admitted to storing user credentials, such as passwords, in plaintext (via TechCrunch).
Robinhood says it discovered the passwords in its system, but found no evidence that they were viewed by “anyone outside of our response team.” Ideally, passwords should also be protected from employees. An email was sent to customers notifying them of the incident, which reads:
When you set a password for your Robinhood account, we use an industry standard process that prevents anyone in our company from reading it. On Monday evening, we discovered that some user credentials were stored in a readable format in our internal systems. We wanted to let you know that your Robinhood password may have been included.
We fixed this issue and upon close examination, we found no evidence that this information was viewed by anyone outside of our response team. To be on the safe side, we still recommend that you change your Robinhood password.
We take these kinds of things seriously. Earning and maintaining your trust is our top priority, and we are committed to protecting your information. Let us know if you have any questions, we’re here to help.
Hopefully Robinhood doesn’t think “plain text” is an industry standard. Although, as Devin Coldewey points out, it might as well be a norm, since Google, Facebook, Twitter, and others have been caught doing the same.
[G Suite Passwords Stored in Plaintext Since 2005]
[Hundreds of Millions of Facebook Passwords Were Stored as Plain Text. For Years.]