Dark Web Hackers: 10,000 Robinhood Accounts In Their Possession


More than 10,000 email login credentials allegedly linked to Robinhood accounts have been put up for sale on the dark web, as a reputed news outlet revealed in its review of dark web marketplaces. According to Eli Dominitz, chief executive officer of Q6 Cyber (an e-crime intelligence company), the email accounts linked to Robinhood outnumber those for other brokerages by around 5-to-1. This figure was derived by analyzing the prevalence of advertisements placed on the darknet by the dark web hackers.

“If they feel that Robinhood gives them greater upside than trying to steal money from Bank of America, that’s what they’re going to do,” Dominitz said of the cyber-criminals and why there may be more demand for Robinhood accounts over other brokerages.

For months, Robinhood customers have been complaining that their accounts were hacked by dark web hackers, after which they struggled to get a response from the company. An internal investigation found that nearly 2,000 accounts had been compromised by the dark web hackers. Robinhood also emphasized that it is not the only brokerage subject to such attacks.

“It is not uncommon for cyber-criminals to target customers of financial-services companies by attempting to use information sourced from the dark web,” Robinhood said in an emailed statement, adding that the information is often inaccurate and that a stolen email alone isn’t enough to compromise a brokerage account.

The company stated that there are no signs of its systems having been breached and that it has several security measures in place, including encouraging its customers to enable two-factor authentication. It also promised to compensate customers fully if it is determined that they lost money due to unauthorized activity by the dark web hackers.

It was also found that some of the stolen data posted on markets and darknet hacker forums by the deep web hackers was linked to nearly 1,000 TD Ameritrade Holding Corp. accounts, on a market named Slilpp that is well known for hawking stolen financial-services and banking credentials.

“Cyber criminals are constantly evolving their tactics, and we work very hard to stay one step ahead of them,” TD Ameritrade spokeswoman Christina Goethe said in an emailed statement, noting that the company also offers security measures, including two-factor authentication.

Dominitz, who works with other financial firms to monitor threats, said that the data peddled on dark web markets is typically accurate. However, it is still unclear whether all of the credentials are linked to authentic brokerage accounts. One recent offer of access to Robinhood accounts priced each credential at a meagre $3.50.

“Fresh DUMP Active accounts with orders! MAIL access only!”

Dominitz explained a typical hack may work like this: After commandeering a victim’s email, the thief requests a new password for the brokerage account and then intercepts the email sent in response, effectively locking out the account owner before they notice a problem. Some marketplaces are selling other information that could provide a different way of hacking into customer accounts. One of them advertised remote access to a laptop that had been infected with malware, revealing active Robinhood credentials.

A Robinhood customer, an electrical engineer from Washington, had his email credentials put up for sale on the darknet markets by the dark web hackers. He did not know about it until he found out from an identity theft protection service.

Dominitz said the problem may be “a hell of a lot” bigger than the 2,000 cases identified during the firm’s internal probe. “Maybe that’s what they’ve been able to detect internally. Maybe that’s what they’re seeing unauthorized activity on already, but that doesn’t mean that is the full scope of what’s been compromised.”

Source: Bloomberg
