Stock trading service Robinhood admitted today to storing some customers' passwords in cleartext, according to emails the company has been sending to impacted customers, which were seen by ZDNet.
"On Monday night, we discovered that some user credentials were stored in a readable format within our internal system," the company said.
"We resolved the issue, and after thorough review, found no evidence that this information was accessed by anyone outside our response team."
Robinhood is now resetting passwords out of an abundance of caution, despite not finding any evidence of abuse.
A company spokesperson told ZDNet via phone call that not all Robinhood users were impacted, but could not reveal the exact number. We were told the issue is believed to be resolved, and passwords are now being hashed using the Bcrypt algorithm, according to a help page.
On Monday, the same day that Robinhood devs were discovering the plaintext passwords issue, the company announced it had raised $323 million in a Series E funding round, bringing the company's value to $7.6 billion, around 35% higher than the previous valuation.
Robinhood is in select company
Storing passwords in cleartext is a huge security blunder; however, Robinhood is in "good company." This year alone, Facebook, Instagram, and Google have all admitted to storing users' passwords in cleartext.