Investment and stock trading app Robinhood recently admitted to storing user credentials like passwords in plaintext (via TechCrunch).
Robinhood says it discovered the passwords in its system, but found no evidence they were accessed by “anyone outside of our response team.” Ideally though, passwords should be protected against employees too. An email was sent to customers notifying them of the incident, which reads:
When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your Robinhood password may have been included.
We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team. Out of an abundance of caution, we still recommend that you change your Robinhood password.
We take matters like this seriously. Earning and maintaining your trust is our top priority, and we’re committed to protecting your information. Let us know if you have any questions—we’re here to help
Hopefully Robinhood doesn’t believe “plaintext” is an industry standard. Although as Devin Coldewey points out, it might as well be a standard, since Google, Facebook, Twitter, and others were caught doing the same thing.