Hackers compromised users’ personal email accounts outside of the trading app, and used those emails to gain access to customers’ Robinhood accounts, a Robinhood spokesperson said in a statement.
“The security of Robinhood customer accounts is a top priority and something we take very seriously,” the statement reads.
The company is now working with affected customers to secure their accounts. Robinhood has also encouraged customers to protect their accounts using mechanisms such as two-factor authentication. In a push notification to customers sent last week marking National Cybersecurity Awareness Month, the company said: “2FA adds a strong layer of protection for your account, even if your password is weak, reused, or becomes compromised.”
When Robinhood is notified by a customer of potential fraud on their account, it restricts the account, investigates for unauthorized access, logs the user out on all devices and asks the customer to change their password, the spokesperson said.
–CNN Business’ Matt Egan contributed to this report.