Dark Web Hackers Say They Hold Keys To 10,000 Robinhood Accounts #GotBitcoin
The dark web is the underbelly of the internet, where cyber-criminals hunt for drugs, demand ransom and engage in trafficking. Dark Web Hackers Say They Hold Keys To 10,000 Robinhood Accounts #GotBitcoin
It’s also where hackers can buy and sell email credentials to access customer accounts at Robinhood Markets, the online brokerage that has drawn millions of users this year, many of them young and trading stocks for the first time.
Access to more than 10,000 email login credentials allegedly tied to Robinhood accounts were available for sale this week, according to a Bloomberg review of dark web marketplaces.
The number of Robinhood-related emails outnumber those for other brokerages by about 5-to-1, according to Eli Dominitz, chief executive officer of Q6 Cyber, an e-crime intelligence firm that analyzed the prevalence of these advertisements on the dark web.
Related:
Ultimate Resource On Robinhood And It’s Impact On Crypto-Currencies And Stocks
“If they feel that Robinhood gives them greater upside than trying to steal money from Bank of America, that’s what they’re going to do,” Dominitz said of the cyber-criminals and why there may be more demand for Robinhood accounts over other brokerages.
Robinhood customers have complained for months that their accounts have been hacked and that they’ve struggled to get the company to respond. An internal investigation found almost 2,000 accounts were compromised as a result of hacked emails, a person familiar with the matter said this month.
Robinhood emphasized that it’s not the only brokerage subject to such attacks.
“It is not uncommon for cyber-criminals to target customers of financial-services companies by attempting to use information sourced from the dark web,” Robinhood said in an emailed statement, adding that the information is often inaccurate and that a stolen email alone isn’t enough to compromise a brokerage account.
Trading Boom
The firm said there are no signs its systems were breached and it employs several security measures, while encouraging customers to enable two-factor authentication. Robinhood has also promised to fully compensate customers if the company determines they lost money because of unauthorized activity.
The availability of client credentials on the dark web highlights the challenge brokerages face in the Covid-19 era, as a boom in online trading has been accompanied by increased opportunities for cyber-criminals.
Bloomberg also found data linked to almost 1,000 TD Ameritrade Holding Corp. accounts on a marketplace called SlilPP, which is known for hawking stolen banking and financial-services credentials.
“Cyber criminals are constantly evolving their tactics, and we work very hard to stay one step ahead of them,” TD Ameritrade spokeswoman Christina Goethe said in an emailed statement, noting that the company also offers security measures, including two-factor authentication.
‘Digital Underground’
The data peddled on dark web marketplaces is typically accurate, though it’s unclear whether all of the credentials are tied to genuine brokerage accounts, according to Dominitz, who works with other financial firms to monitor threats.
One of the latest offers to buy access to Robinhood accounts came Wednesday with each credential available for as little as $3.50.
“Fresh DUMP Active accounts with orders! MAIL access only!”
Dominitz Explained A Typical Hack May Work Like This:
After commandeering a victim’s email, the thief requests a new password for the brokerage account and then intercepts the email sent in response, effectively locking out the account owner before they notice a problem.
Some marketplaces are selling other information that could provide a different way of hacking into customer accounts. One of them advertised remote access to a laptop that had been infected with malware, revealing active Robinhood credentials.
Locked Out
Robinhood customer Ryan Bordner, an electrical engineer in Spokane, Washington, was among those whose email credentials were sold on the dark web. Like many others, he woke up one morning in mid-August to find he was locked out of his brokerage account.
Bordner, 30, said he later learned from an identity-theft protection service that his email credentials wound up on the dark web following a June breach of another personal-finance app he had set up years earlier and forgotten about. The intruder used that access to change the password of his brokerage account and route all emails from Robinhood to his trash folder.
Hacking has been the latest headache for Robinhood, which was founded seven years ago by Baiju Bhatt and Vlad Tenev and has exploded in popularity this year as Americans stuck at home look to make some money during the pandemic.
The no-fee brokerage app has also attracted consumer complaints, with novice investors confused by the vagaries of stock options and margin loans and no one to reach for help by phone.
“We’re working on customer support across the board,” Tenev said in a CNBC interview this week. “We’ve made huge investments and are continuing to make huge investments.”
‘Worst Experience’
Now, even though the firm said it has more than doubled its customer-service team this year, clients complain they’ve struggled to get quick help when their funds are disappearing.
“It was hands-down the worst experience when it comes to customer service,” said Bordner, who only resolved the issues after his account was locked for more than a month.
Meanwhile, the email accounts of Robinhood customers continue to entice hackers, and Dominitz said the problem may be “a hell of a lot” bigger than the 2,000 cases identified during the firm’s internal probe.
“Maybe that’s what they’ve been able to detect internally,” he said. “Maybe that’s what they’re seeing unauthorized activity on already, but that doesn’t mean that is the full scope of what’s been compromised.”
Dark Web Hackers Say,Dark Web Hackers Say,Dark Web Hackers Say,Dark Web Hackers Say,Dark Web Hackers Say,Dark Web Hackers Say,Dark Web Hackers Say,Dark Web Hackers Say,
Related Articles:
Hackers Steal $2.3 Million From Trump Wisconsin Campaign Account
Crypto Scammers Deface Trump Campaign Website One Week From Elections
Telecoms Protocol From 1975 Exploited To Target 20 Crypto Executives
With Traders Far From Offices, Banks Bring Surveillance To Homes
A Millionaire Hacker’s Lessons For Corporate America
Container Shipping Line CMA CGM Says Data Possibly Stolen In Cyberattack
Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History
Hacker Releases Information On Las Vegas-Area Students After Officials Don’t Pay Ransom
Russian Troll Farms Posing As African-American Support For Donald Trump
US Moves To Seize Cryptocurrency Accounts Linked To North Korean Heists
These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier
Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off
Senate Panel’s Russia Probe Found Counterintelligence Risks In Trump’s 2016 Campaign
Bockchain Based Surveillance Camera Technology Detects Crime In Real-Time
Facebook Offers Money To Reel In TikTok Creators
How A Facebook Employee Helped Trump Win—But Switched Sides For 2020
Facebook Rebuffs Barr, Moves Ahead on Messaging Encryption
Facebook Ad Rates Fall As Coronavirus Undermines Ad Spending
Facebook Labels Trump Posts On Grounds That He’s Inciting Violence
Crypto Prediction Markets Face Competition From Facebook ‘Forecasts’ (#GotBitcoin?)
Coronavirus Is The Pin That Burst Facebook And Google Online Ads Business Bubble
OpenLibra Plans To Launch Permissionless Fork Of Facebook’s Stablecoin (#GotBitcoin?)
Facebook Warns Investors That Libra Stablecoin May Never Launch (#GotBitcoin?)
FTC Approves Roughly $5 Billion Facebook Settlement (#GotBitcoin?)
How Facebook Coin’s Big Corporate Backers Will Profit From Crypto
Facebook’s Libra Is Bad For African Americans (#GotBitcoin?)
A Monumental Fight Over Facebook’s Cryptocurrency Is Coming (#GotBitcoin?)
Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)
Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users (#GotBitcoin?)
Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)
Advertisers Allege Facebook Failed to Disclose Key Metric Error For More Than A Year (#GotBitcoin?)
Ad Agency CEO Calls On Marketers To Take Collective Stand Against Facebook (#GotBitcoin?)
Thieves Can Now Nab Your Data In A Few Minutes For A Few Bucks (#GotBitcoin?)
New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)
Equifax, FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)
Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)
DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)
Lithuanian Man Pleads Guilty In $100 Million Fraud Against Google, Facebook (#GotBitcoin?)
Hack Alert! Buca Di Beppo, Owned By Earl Enterprises Suffers Data Breach Of 2M Cards (#GotBitcoin?)
SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)
Maxine Waters (D., Calif.) Rises As Banking Industry’s Overseer (#GotBitcoin?)
Leave a Reply
You must be logged in to post a comment.