Robinhood stored passwords in plaintext, so change yours now

Investment and stock trading app Robinhood stored some user credentials, including passwords, in plaintext on internal systems, the company revealed today. This particularly dangerous security misstep could have seriously exposed its users, though the company says it has no evidence the data was accessed improperly. Better change your password now.

Sensitive data like passwords and personal information are generally kept encrypted at all times. That way, if the worst came to pass and a company’s databases were exposed, all the attacker would get is a bunch of gibberish. Unfortunately, it seems that there might have been a few exceptions to that rule.

A number of users, including CNET’s Justin Cauchon, received the following notice from Robinhood in an email:

When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your password may have been included.

We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team.

It seems
