October 28, 2020 2:00 AM

Opinion — Let’s get real: a letter to Robinhood’s raging clients

Robinhood's clients are livid, turning to social media to complain about hacked accounts and appalling customer service. And now that the social media snowball has blown up in the media, these clients are making headlines, too. But before we start jumping brokers, or to conclusions, it might be worth taking a moment to reflect on what's really happening. Things are not always as they seem.

/ Published 2 weeks ago

Robinhood's clients are livid after reports of hacked accounts emerge. What's happening?
Share on facebook
Share on twitter
Share on email
Share on linkedin
Share on whatsapp

Maybe you’ve missed it—this story concerns our U.S. neighbors more than us—but recently, the news has been littered with headlines like “Robinhood Users Vent Frustration after Some Accounts Were Hacked.”

Fair enough.

It’s only human to blame that which is most apparent. It’s a scene that plays out every day in every retail store when shoppers screech at customer service staff for things outside the purview of the store’s client-facing workers. Peeved drivers hurl insults at parking enforcement officers for enforcing regulations promulgated by administrators many steps further up the council foodchain.

And Robinhood’s clients rage at Robinhood as a result of cybersecurity failings outside of Robinhood’s control.

Is Robinhood’s customer service really to blame?

Look, I get it. I really do. For my U.S. friends who are trying to get back their hacked accounts, I understand that you’re upset and frustrated by their understaffed customer support. They make you wait and don’t give you the answers you want to hear.

But let’s get real. Sterling customer service isn’t going to change a thing. Once your funds are gone, they’re gone. The issue isn’t time-sensitive… unless you believe that all good companies should restore your funds at the snap of your fingers because you say you were hacked.

But that’s not going to happen. There is a reason that all Robinhood does at first is to “escalate the matter to [their] fraud investigations team.”

Imagine the torrent of additional “fraud” that would pop up out of nowhere if it were quick and easy. Suddenly everyone would want a refund on their “hacked” account. And others would demand that they regain access to “their” hacked account.

And for those who are blaming the problem on their lack of phone support, well… you’ve clearly never experienced the agony of on-hold Muzak as customer support agents bounce you around an infinite loop of departments.

And even if you managed to hit all the right buttons, not get disconnected, and finally get passed to the appropriate person, they’d probably still have—as one client put it— “the audacity to make people wait several weeks to hear back anything.” As this same user put it, this is an “investment app that’s handling people’s livelihoods, people’s money;” you don’t just do whatever the person on the other end of the phone tells you to do without investigating. It’s not hard to gather the requisite information—date of birth, full name and address, etc.—to answer a couple of “security” questions.

If the problem isn’t Robinhood’s customer support, then surely it’s still their fault…

It’s easy to point the blame at Robinhood; if many accounts are hacked at once, then the obvious conclusion is that Robinhood is the problem. As one user comments: “I was also a victim in this hack I find it hard to believe it wasn’t a breach at Robinhood as none of my other accounts were breached.”

But let’s not jump to conclusions… First, the issue of scale.

Current reporting has announced that the number of breached accounts is “larger than previously thought.” Now it’s believed that “almost” 2000 accounts were hacked. That sounds like a lot, right? But let’s not forget that Robinhood has over 13 million users. So while the number looks huge, it’s really just over 0.01% of their customers.

Don’t get me wrong. Even one hacked account is too much, but 2000 hacked accounts with a user base that size is hardly indicative of a wide-scale breach.

And while some of Robinhood’s clients might refute the trading platforms assertion that the breach was a result of hacked personal email accounts—asserting that they “can’t see any signs” that their email was breached—let’s not imagine for one moment that it takes a sophisticated hacker to snoop around your inbox without leaving a trace. Heck, your 6 year-old kid knows how to do it.

Trading account details for sale

The same client who complained about Robinhood’s audacity in making people wait to hear back also said he would move his money to Charles Schwabb. It makes perfect sense, right?

Wrong.

Hackers are selling account details for clients on most of the online brokerage platforms, including Charles Schwabb. It’s likely other platforms just haven’t received as much attention because: 1) they have smaller user bases, and; 2) not as heavily populated by millennials who turn to social media with every gripe that they have.

The Robinhood hack isn’t really news

Just because an observant reporter picked up the ranting on social media, it doesn’t make this event news. The unfortunate reality of living in an online world is that breached accounts will just be a part of life.

A cursory search of social media turns up all sorts of reports of hacked accounts from days-gone-by. Here’s one from a Reddit user, reporting a startlingly similar Robinhood breach from over a year ago:

“I… saw that a number of my stocks had been sold the previous day. I did not sell them. I also saw that an unknown bank was linked to my account, and the hacker attempted to transfer money into that bank account.”

Not long after this was posted, another Redittor who just so happened to see this post chimed in “Someone attempted to get into my Robinhood account today too…” 

So whose fault is it?

While the unfortunate reality of the internet is breached accounts, the unfortunate reality of human nature is that when something bad happens, there always must be someone to blame.

So let’s play the blame game by following the above-mentioned Reddit thread:

u/pectoraldactyl: “My Robinhood account was hacked…”

u/CardinalNumber: “The apps use … so it would need to be a really amazing targeted attack… [snip for brevity]… Better chance they just figured out a weak password.”

u/pectoraldactyl: “Gotcha. It may well have been a weak password. I just changed it to something more difficult.”

And no, Cr@zyca7!@dY is not a difficult password.

It's possible Robinhood's hacked clients were a victim of weak passwords.
Just in case you read the captions, don’t forget that recycling strong passwords across multiple accounts is also bad for security. (Source: xkcd)

(Featured Image by David Telford via Wikimedia Commons)

DISCLAIMER: This article was written by a third party contributor and does not reflect the opinion of CAStocks, its management, staff or its associates. Please review our disclaimer for more information.

This article may include forward-looking statements. These forward-looking statements generally are identified by the words “believe,” “project,” “estimate,” “become,” “plan,” “will,” and similar expressions. These forward-looking statements involve known and unknown risks as well as uncertainties, including those discussed in the following cautionary statements and elsewhere in this article and on this site. Although the Company may believe that its expectations are based on reasonable assumptions, the actual results that the Company may achieve may differ materially from any forward-looking statements, which reflect the opinions of the management of the Company only as of the date hereof. Additionally, please make sure to read these important disclosures.

Tags : 

Copyright © 2020 CA Stocks. All Rights Reserved.