Nearly 2,000 brokerage accounts at Robinhood were compromised by an attack that gave hackers the ability to take over users’ trades and funds, sources revealed to Bloomberg on Thursday.
The number of hacked accounts is much bigger than previously thought when Robinhood said last week “a limited number” became a target of hackers after their personal data was compromised outside of its platform.
A person with knowledge of an internal review said the number increased as a result of its continuing investigation. However, it took another two weeks before Robinhood admitted that a larger number of accounts had been improperly accessed.
The security breach is believed to be the largest in Robinhood’s history and is particularly severe because the attackers stole access to brokerage accounts of clients who claim hey had set up two-factor authentication.
Many users complained that hackers liquidated their investments and withdrew balances to online payment apps, including Revolut, which said it has been made aware of the issue and is investigating the matter.
However, the exact number of affected accounts could not be determined. A company spokesperson said not all of the platform’s customers were alerted, only those whose credentials were affected by this discovery.
A user told Finance Magnates that he finds it hard to believe that the issue did not occur from a breach in the firm’s systems as none of his other accounts were breached.
“I cant seem to get any response from Robinhood other than the automated emails. I have cash management on the account and I thought as soon as the sold stock funds hit the account it would be FDIC insured but again no response from Robinhood. I still have a considerable amount of cash in the account but cannot get to it,” he added.
Bloomberg report also detailed the trials some of other users and how it went through when they tried to contact the brokerage, which doesn’t have a customer service phone number. However, sources told Bloomberg that Robinhood is now considering whether to add a phone number after customers accused it of acting far too slowly to keep this sort of fraud from happening.
Angry users took to Twitter and Reddit to blast Robinhood after the company’s support team failed to provide any meaningful help to stop the theft of their money. While the theft was in progress, investors that saw their money had vanished only received a frustrating email that reads:
“We always respond to customers reporting fraudulent or suspicious activity and work as quickly as possible to complete investigations. The security of Robinhood customer accounts is a top priority and something we take very seriously.”