October 11, 2020 | technology | No Comments
Accounts Looted, Customers Watched Helplessly
Have a problem at Robinhood? Well, that’s too damn bad.
Robinhood might take 3 weeks to get back to you, even in cases of fraud in progress.
Please consider No One at Robinhood to Call
It took Soraya Bagheri a day to learn that 450 shares of Moderna Inc. had been liquidated in her Robinhood account and that $10,000 in withdrawals were pending. But after alerting the online brokerage to what she believed was a theft in progress, she received a frustrating email.
The firm wrote it would investigate and respond within “a few weeks.” Now her money is gone.
Pruthvi Rao, a Chicago software engineer, said his account was hit on Oct. 6. His bet on Netflix Inc. was liquidated and $2,850 was soon withdrawn. He said he’s sent more than a dozen emails to Robinhood’s customer support address, and that he even tried messaging some of the brokerage’s executives on LinkedIn.
Rao showed Bloomberg the same emailed response from Robinhood that Bagheri received. “We understand the sensitivity of your situation and will be escalating the matter to our fraud investigations team,” Robinhood customer service agents wrote them. “Please be aware that this process may take a few weeks, and the team working on your case won’t be able to provide constant updates.”
Robinhood Blames the Users
“A limited number of customers appear to have had their Robinhood account targeted by cyber criminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood,” a spokesman for the company said in an email. “We’re actively working with those impacted to secure their accounts.”
No doubt people had weak passwords. But it appears Robinhood had no controls preventing the change of critical information.
Financial institutions, including Robinhood, should have a two-stage authentication system to prevent such fraud, and it should work.
Two-stage authentication ought to be mandatory, not optional.
Rao claims to have setup two-stage authentication. If so, something went wrong.
I smell lawsuits.
Question of the Day
Should the SEC shut down this pathetic operation?