Acorns has apologized for sending out a large number of emails informing their recipients of an account lock status due to security reasons and offering them a phone number to call in order to unlock them. As the California-based investment app explained soon after the blunder via a tweet, the dissemination of these messages was a mistake and doesn’t really mean anything about people’s account security.
Weirdly, many people who have an account on the Acorns platform report that their accounts remain inexplicably locked despite the public assurances, so many are worried that something has really happened. Also, many express their disappointment with Acorns’ customer support lines, claiming that nobody ever answered their calls even though they tried numerous times.
The platform has not given any further explanations on its site or its social media channels. What the firm told those who are still having trouble logging in is that this is just due to the high volume of traffic that comes as a natural result of locking out everyone and then having them frantically retry until they’re able to get back to their accounts and precious funds.
Coincidentally, the Acorns website went down for about two hours yesterday, according to the Downdetector, which is suspicious if we’re talking about a “mere” email distribution mistake. Some are betting this has to do with the recent T-Mobile breach, which has been confirmed by the telco’s own internal investigation, possibly enabling malicious actors to launch a wave of credential stuffing attacks. Having any massive breach out there is a unique opportunity to combine it with previous data leaks and add pieces to users' identity or online presence puzzle. For sure, hackers would love to access people’s Acorn accounts and steal their money.
Acorns offers two-factor authentication, so if you haven’t added that security step yet, you should better do it immediately. Also, resetting your password now and using something new, unique, and strong wouldn’t be a bad idea. Many users report that no matter what really happened, their trust in Acorns has been irreversibly compromised, so they’re withdrawing all their money and joining another platform.