In a statement on Thursday, trading app Robinhood confirmed that a “limited number” of customer accounts had been targeted by cybercriminals, though the Robinhood service itself had not been compromised.
Though Robinhood did not specify exactly how many accounts had been affected, it had been previously reported by Bloomberg that almost 2,000 customer accounts had been infiltrated, citing a person with knowledge of Robinhood’s internal probe.
The attacks prompted a backlash on social media, with several users failing to contact the company, which does not list a customer service phone number. Bloomberg’s report noted that Robinhood was considering adding a phone number in addition to other tools.
Robinhood said that the accounts may have been compromised after cybercriminals breached personal email accounts outside of their service.
“The security of Robinhood customer accounts is a top priority and something we take very seriously,” the company said in a statement. “We always respond to customers reporting fraudulent or suspicious activity and work as quickly as possible to complete investigations.”
Robinhood is now working with affected customers to secure their accounts, advising that users use two-factor authentication to better protect their data. “2FA adds a strong layer of protection for your account, even if your password is weak, reused, or becomes compromised,” the company said in a push notification sent to customers last week to mark National Cybersecurity Awareness Month.
Robinhood is a California-based company that offers financial services to 13 million customers through its mobile app and website, enabling them to invest in stocks, ETFS and cryptocurrencies.