Hackers exploit Robinhood account creation tool to launch worrying phishing scam
Hackers exploited a vulnerability in Robinhood's account creation email system to send phishing emails that appeared legitimate, redirecting users to credential-stealing pages. The flaw allowed attackers to inject malicious HTML into the device metadata field of confirmation emails. Robinhood has fixed the issue, and no customer accounts or funds were compromised. The phishing emails were likely sent to addresses exposed in past breaches, including Robinhood's 2021 incident.
- Cybercriminals exploited a flaw in Robinhood's account creation process to send phishing emails from the legitimate [email protected] address.
- The phishing emails bypassed standard email security checks like SPF and DKIM by injecting malicious HTML into the device metadata field.
- Victims were directed to fake login pages designed to steal their credentials, though no accounts or funds were accessed.
- Robinhood confirmed the vulnerability has been patched and the malicious landing pages are offline.
- Attackers likely used email addresses obtained from previous data breaches, possibly including Robinhood's November 2021 incident.
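The root cause described above is an output-encoding gap: a client-supplied device label was placed into the email's HTML unescaped, and because the sender's own system generated the message, SPF and DKIM checks passed. The following Python sketch is an added example, not Robinhood's code; the template, function names, length limit and sample values are assumptions constructed for illustration.

```python
import html
import re

# Hypothetical confirmation-email template (assumption, not the real one).
TEMPLATE = (
    "<html><body><p>Your account was created.</p>"
    "<p>Device: {device}</p></body></html>"
)
TAG = re.compile(r"<[a-zA-Z/][^>]*>")
MAX_DEVICE_LEN = 80  # assumed limit; device labels are short


def render_unsafe(device: str) -> str:
    """The 'before': the client-supplied value is pasted into HTML as-is."""
    return TEMPLATE.format(device=device)


def sanitize_device(device: str) -> str:
    """Treat device metadata as untrusted text, never as markup."""
    # Collapse control characters and whitespace runs into single spaces.
    text = re.sub(r"[\x00-\x1f\x7f\s]+", " ", device).strip()
    text = text[:MAX_DEVICE_LEN]  # truncate before encoding, not after
    # HTML-encode so <, >, & and quotes render literally in the mail client.
    return html.escape(text, quote=True)


def render_safe(device: str) -> str:
    return TEMPLATE.format(device=sanitize_device(device))


def adds_markup(rendered: str) -> bool:
    """Regression check: does the output hold more tags than the template?"""
    return len(TAG.findall(rendered)) > len(TAG.findall(TEMPLATE))


# Constructed sample values (not taken from the incident).
BENIGN = "Chrome on Windows"
INJECTED = 'Phone</p><a href="https://login.example.invalid">Verify now</a><p>'

if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        for value in (BENIGN, INJECTED):
            print(name, repr(value[:20]), adds_markup(render(value)))
```

A check like `adds_markup` fits a template test suite: every user-influenced field is rendered with markup-bearing input and the tag count must not change.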
Opening excerpt (first ~120 words):
By Sead Fadilpašić, published 28 April 2026
Robinhood says the vulnerability has since been fixed
- Attackers exploited a flaw in Robinhood’s account creation emails to inject phishing content
- Fake warnings from [email protected] redirected victims to credential‑stealing landing pages
- The vulnerability has been fixed, and no customer accounts or funds were…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechRadar.