Some user passwords were stored in plaintext, says stock brokerage app Robinhood

• However, the company has not disclosed the exact number of users impacted by the security lapse.
• Robinhood is a stock trading firm based in California and offers commission-free trading and cryptocurrency-related services.

Stock trading company Robinhood has admitted to storing passwords of some of its users in plaintext. The California-based firm said that it came across this security lapse on Monday this week. In an email, it informed affected users of the incident. Robinhood goes on to mention that the issue was resolved and it found no instances of accounts being accessed by outsiders. However, no technical details have been provided by the company.

The big picture

• Robinhood is a stock trading firm based in California, US. It is known for providing web and mobile service of zero-commission trading which includes US stocks, options, exchange-traded funds (ETF) and cryptocurrencies.
• The password security lapse was discovered the same day where Robinhood announced a Series E funding of $323 million. The company currently is $7.6 billion in valuation.
• The email mentions that the passwords were stored in ‘a readable format’. “On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your Robinhood password may have been included,” read the mail. The exact number of users impacted is still unknown.

Worth noting

Lately, many organizations have admitted storing user passwords in plaintext. Most notable among them are the incidents related to Google and Facebook. In March this year, Facebook disclosed that it stored ‘hundreds of millions’ of user passwords in plaintext. This also included users of Instagram and Facebook Lite.

Likewise, Google admitted that it was storing unhashed, plaintext passwords for some of its G Suite users since 2005. It said that the issue arose due to a faulty implementation of a feature in G Suite. For organizations that serve millions of users, security lapses such as this can cripple their businesses if exploited on a large scale.