
Crypto trading app Robinhood sends out warnings after security blunder

Password. Marco Verch Professional Photographer and Speaker/Flickr

Fri, 26 Jul 2019, 04:48 am UTC

Robinhood is a popular fintech company dealing in investments and stock trading with a lot of users, and those users recently received an alarming email. It would appear that the firm made a blunder in storing credentials by saving them as plain text. As a result, users are now being asked to change their passwords.

Normally, a tech company dealing with sensitive information such as credentials would store these details in an encrypted format. However, for some reason, Robinhood stored at least some users’ information in vulnerable plain text. This prompted it to send out emails to users, including Justin Cauchon, who works at CNET and shared the email on Twitter.

“Uh oh, looks like @RobinhoodApp was storing some credentials in plain text,” the Tweet reads.

The email itself says that Robinhood uses an industry-grade system for storing sensitive user information. The company only recently discovered the vulnerability affecting some users, and it assured recipients of the email that the issue has been dealt with.

“When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your password may have been included,” the email reads.

“We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team.”

No further details about the incident were offered, such as when the issue was discovered and how long the credentials were left in a readable format, TechCrunch reports. Robinhood simply focused on highlighting how fast it moved to address the matter, including in the statement that it provided to publications.

“We swiftly resolved this information logging issue. After a thorough review, we found no evidence that this customer information was accessed by anyone outside of our response team,” Robinhood’s statement reads.

Earlier this week, Robinhood raised $323 million in a Series E funding round led by DST Global. The fundraising positioned the company at a $7.6 billion post-money valuation.

<Copyright © TokenPost. All Rights Reserved. >
