For stock exchange investors, services like Robinhood, an app that makes it easy to trade shares, have become a fundamental tool because of their ease of use and their low, or even zero, commissions. However, web application security experts believe that using these services can lead to serious security issues and, in the worst case, huge economic losses.
Robinhood, the popular stock buying and selling app, has just notified its users of a service failure that caused improper storage of login data. These logs were stored in plain text, with no encryption to protect them. The developers of Robinhood did not mention the total number of affected users.
“A few days ago we discovered that some logins had been stored on our systems in a simple format; it is necessary to inform you that your password could have been compromised,” reads the email the company sent to users.
After several web application security specialists learned of the incident, a Robinhood spokesperson told various media outlets: “This is not a data breach or cyberattack incident against our systems; I would also like to point out that this incident does not affect all of our customers.”
Encryption protects sensitive data held by companies in the event of hacking. If a breach were to happen, a hacker would find information composed of seemingly random characters instead of readable usernames and passwords. Companies like Google have also suffered technical errors that resulted in inadequate login data storage. The best option in cases like this is for users to reset their passwords and to ignore potential phishing messages that try to take advantage of the confusion.
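One way to keep credentials out of plain-text logs in the first place, shown here as an added example (it is not from the original article and is not Robinhood's code): a Python logging filter that scrubs credential values before a record reaches any handler's output. The field names, logger name and sample log lines are assumptions constructed for illustration.

```python
import logging
import re

# Field names treated as credentials (assumed list; extend for your application).
SENSITIVE_KEYS = ("password", "passwd", "pwd", "token", "secret")

# Matches key=value, key: value and "key": "value"; group 1 is the key part,
# group 2 the value (quoted string or bare token) that must not be stored.
_PATTERN = re.compile(
    r'("?\b(?:' + "|".join(SENSITIVE_KEYS) + r')\b"?\s*[:=]\s*)'
    r'("[^"]*"|\'[^\']*\'|[^\s,;&}]+)',
    re.IGNORECASE,
)

def redact(text: str) -> str:
    """Replace the value of every sensitive field with a fixed marker."""
    return _PATTERN.sub(lambda m: m.group(1) + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    def filter(self, record: logging.LogRecord) -> bool:
        # Render msg % args first so secrets passed as arguments are scrubbed too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

class ListHandler(logging.Handler):
    """Stand-in for a file handler: keeps formatted lines in memory."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))

def demo():
    logger = logging.getLogger("auth-demo")  # hypothetical logger name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = ListHandler()
    handler.addFilter(RedactingFilter())
    logger.handlers = [handler]
    # Constructed sample events, not real data.
    logger.info("login attempt user=%s password=%s", "alice", "hunter2")
    logger.info('POST /login body={"user": "bob", "password": "s3cr3t!"}')
    logger.info("login ok user=carol")
    return handler.lines

if __name__ == "__main__":
    print("\n".join(demo()))
```

A pattern-based filter is a safety net rather than a guarantee: it only catches the field names it is told about, so login handlers should still avoid passing request bodies to the logger at all.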
According to web application security specialists from the International Institute of Cyber Security (IICS), the app reported a considerable increase in its number of users, going from 4 to 6 million in a span of less than a year.
Robinhood is owned by a group of U.S. investors and provides services such as stock trading and cryptocurrency investments without commission. According to local media reports, the company has presented to the U.S. Treasury Department its intention to become a formal banking institution, and it has even already hired important officials from other banks to make the project more robust.