Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails

Over a weekend, attackers exploited an unsanitized "device name" field in Robinhood's account signup flow to inject HTML into automated login-notification emails, causing authentic-looking messages from [email protected] (which passed SPF/DKIM) to include phishing links that led to credential theft sites; attackers reportedly used Gmail dot-aliasing and possibly leaked email lists to reach victims, and Robinhood has since removed the vulnerable field and urged users to delete any suspicious emails.