Skip to main content

Robinhood stored passwords in plaintext, so change yours now

Investment and stock trading app Robinhood stored some user credentials, including passwords, in plaintext on internal systems, the company revealed today. This particularly dangerous security misstep could have seriously exposed its users, though it says that it has no evidence the data was accessed improperly. Better change your password now.

Sensitive data like passwords and personal information are generally kept encrypted at all times. That way if the worst came to pass and a company’s databases were exposed, all the attacker would get is a bunch of gibberish. Unfortunately it seems that there might have been a few exceptions to that rule.

A number of users, including CNET’s Justin Cauchon, received the following notice from Robinhood in an email:

When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your password may have been included.

We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team.

It seems that if it were truly “industry-standard,” then the rest of the industry would also have stored passwords in plaintext. Come to think of it, that would explain a lot, since Google, Facebook, Twitter, and others have all managed to make this same mistake recently.

A Robinhood representative stressed the rapidity of the company’s response to the issue, though they would not comment on how it was first discovered, nor how long the data was stored that way, nor what deviation from these industry norms caused the problem, nor how many users were affected, nor whether answers to these questions would ever be forthcoming. They did offer the following statement:

We swiftly resolved this information logging issue. After a thorough review, we found no evidence that this customer information was accessed by anyone outside of our response team. Out of an abundance of caution, we have notified customers who may have been impacted and encouraged them to reset their passwords. We take our responsibility to customers seriously and place an immense focus on working to ensure their information is secure.

If you got an email, you were among the unlucky few many majority handful some, so change your password. If you didn’t get an email… also change your password. You can never be too careful.



from Startups – TechCrunch https://ift.tt/2Y57RTV
Labels:

Comments

Post a Comment

Popular posts from this blog

Axeleo Capital raises $51 million fund

Axeleo Capital has raised a $51 million fund (€45 million). Axeleo first started with an accelerator focused on enterprise startups. The firm is now all grown up with an acceleration program and a full-fledged VC fund. The accelerator is now called Axeleo Scale , while the fund is called Axeleo Capital . And it’s important to mention both parts of the business as they work hand in hand. Axeleo picks up around 10 startups per year and help them reach the Series A stage. If they’re doing well over the 12 to 18 months of the program, Axeleo funds those startups using its VC fund. Limited partners behind the company’s first fund include Bpifrance through the French Tech Accélération program, the Auvergne-Rhône-Alpes region, Vinci Energies, Crédit Agricole, BNP Paribas, Caisse d’Épargne Rhône-Alpes as well as various business angels and family offices. The firm is also partnering with Hi Inov, the holding company of the Dentressangle family. Axeleo will take care of the early stage in...
Post a Comment
Read more

TikTok’s rivals in India struggle to cash in on its ban

For years, India has served as the largest open battleground for Silicon Valley and Chinese firms searching for their next billion users. With more than 400 million WhatsApp users , India is already the largest market for the Facebook-owned service. The social juggernaut’s big blue app also reaches more than 300 million users in the country. Google is estimated to reach just as many users in India, with YouTube closely rivaling WhatsApp for the most popular smartphone app in the country. Several major giants from China, like Alibaba and Tencent (which a decade ago shut doors for most foreign firms), also count India as their largest overseas market. At its peak, Alibaba’s UC Web gave Google’s Chrome a run for its money. And then there is TikTok, which also identified India as its biggest market outside of China . Though the aggressive arrival of foreign firms in India helped accelerate the growth of the local ecosystem, their capital and expertise also created a level of competit...
Post a Comment
Read more