Robinhood warns some users to change passwords after revealing they weren't encrypted

Key Points
  • The stock-trading app notified a group of users saying their passwords were stored in a “readable format,” meaning they were not encrypted. 
  • Robinhood declined to say how many of its 6 million customers were affected, but a spokesperson tells CNBC they discovered the issue Monday evening.
  • These passwords were kept in an internal company log in plaintext because of a technology glitch, but Robinhood says this was not discovered through a hack or security breach.

If you use Robinhood to trade stocks, you might want to consider changing your password.

The popular stock-trading app emailed some of its users Wednesday to warn that private log-ins were stored in an unsecured way. Because of a technology glitch, these passwords were kept in an internal company log in "plaintext," meaning they were not encrypted, Robinhood said. The company declined to say how widespread the issue was, or how many users were affected.

"On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems," Robinhood said in an email to a group of customers Wednesday. "We wanted to let you know that your Robinhood password may have been included."

The issue was first reported by TechCrunch. A Robinhood spokesperson told CNBC that the company became aware of the problem on Monday evening and, within 48 hours, identified it and reached out to the customers. This was not the result of a hack or security breach, the spokesperson said.

"This did not include all Robinhood customers -- only people whose passwords were affected received the email," a Robinhood spokesperson told CNBC Thursday. "We decided to over-communicate with our customers and be forthcoming about this, despite the fact that our investigation found no evidence that any of this information was accessed by employees or outside parties."

High-stakes data such as passwords, as well as personal information, are typically stored at all times in a jumbled form, a practice known as encryption. In the event of a hack, a criminal would see a mixed-up group of letters instead of the plain password. Two months ago, Google revealed that it had mistakenly stored some of its enterprise customers' passwords in plaintext, too.

Robinhood, which offers commission-free stock and cryptocurrency trading, said it had 6 million users at the end of last year -- an eye-popping jump from just 4 million in August. Robinhood has said it is still planning to launch a cash account after its failed launch of a checking account in December.

The Menlo Park, California-based company first shook up the brokerage space in 2013 with commission-free trading. Earlier this year, it submitted an application to the Office of the Comptroller of the Currency, or OCC, for a national bank charter. Robinhood hired the former CEO of Wedbush Bank and Merchants Bank of California, Scott Racusin, to oversee the project and eventually be president and CEO of the proposed bank.

Last week, Robinhood announced a $323 million Series E funding round Monday that bumped its valuation to $7.6 billion. The round was led by DST Global. NEA, Sequoia, Thrive Capital and Ribbit Capital also participated.