The dark web is the underbelly of the internet, where cyber-criminals hunt for drugs, demand ransom and engage in trafficking.
It’s also where hackers can buy and sell email credentials to access customer accounts at Robinhood Markets, the online brokerage that has drawn millions of users this year, many of them young and trading stocks for the first time.
Access to more than 10,000 email login credentials allegedly tied to Robinhood accounts were available for sale this week, according to a Bloomberg review of dark web marketplaces. The number of Robinhood-related emails outnumber those for other brokerages by about 5-to-1, according to Eli Dominitz, chief executive officer of Q6 Cyber, an e-crime intelligence firm that analyzed the prevalence of these advertisements on the dark web.
“If they feel that Robinhood gives them greater upside than trying to steal money from Bank of America, that’s what they’re going to do,” Dominitz said of the cyber-criminals and why there may be more demand for Robinhood accounts over other brokerages.
Robinhood customers have complained for months that their accounts have been hacked and that they’ve struggled to get the company to respond. An internal investigation found almost 2,000 accounts were compromised as a result of hacked emails, a person familiar with the matter said this month.
Robinhood emphasized that it’s not the only brokerage subject to such attacks.
“It is not uncommon for cyber-criminals to target customers of financial-services companies by attempting to use information sourced from the dark web,” Robinhood said in an emailed statement, adding that the information is often inaccurate and that a stolen email alone isn’t enough to compromise a brokerage account.
Trading Boom
The firm said there are no signs its systems were breached and it employs several security measures, while encouraging customers to enable two-factor authentication. Robinhood has also promised to fully compensate customers if the company determines they lost money because of unauthorized activity.
The availability of client credentials on the dark web highlights the challenge brokerages face in the Covid-19 era, as a boom in online trading has been accompanied by increased opportunities for cyber-criminals.
Bloomberg also found data linked to almost 1,000 TD Ameritrade Holding Corp. accounts on a marketplace called SlilPP, which is known for hawking stolen banking and financial-services credentials.
“Cyber criminals are constantly evolving their tactics, and we work very hard to stay one step ahead of them,” TD Ameritrade spokeswoman Christina Goethe said in an emailed statement, noting that the company also offers security measures, including two-factor authentication.
‘Digital Underground’
The data peddled on dark web marketplaces is typically accurate, though it’s unclear whether all of the credentials are tied to genuine brokerage accounts, according to Dominitz, who works with other financial firms to monitor threats.
One of the latest offers to buy access to Robinhood accounts came Wednesday with each credential available for as little as $3.50.