Robinhood Glitch Allowed Attackers to Send Phishing Emails to Customers
ID: 0b5c87cb-8068-5209-a8f4-7dcebfef02fa
STIX ID: report--0b5c87cb-8068-5209-a8f4-7dcebfef02fa
Feed Name: KnowBe4 Blog
A phishing campaign abused a flaw in Robinhood’s account creation process to send falsified "recent login" emails from [email protected]. Attackers exploited Gmail’s treatment of periods in usernames to create accounts tied to existing Gmail addresses, injected malicious HTML into device name fields, and caused legitimate notification emails to render clickable phishing links. Robinhood states this was not a system breach and that customer data and funds were not impacted; recipients are advised to delete suspicious emails and avoid clicking links.
