On hacking incidents at Zerodha and measures we're taking
There has been some noise about the hacking incidents at Zerodha. Here is some data: out of the ~65 lakh customers who traded with us last year, we have ~100 complaints of fraud: ~80 where login details were shared willingly & ~20 where the email account was hacked (all Rediffmail IDs).
As a % of such cases or even normal complaints to overall active customers, we are among the lowest in the broking industry. So this isn’t just about us; regardless of the broker, you need to be careful not to share your login details & use a secure email.
Since all email hacking cases happen to use Rediffmail, it must have some vulnerability being exploited. We blocked Rediff IDs on trading accounts a while ago & have constantly been notifying users. We also now don’t send password resets to Rediff email IDs.
We are soon launching a tool that disallows trades in illiquid options far away from the theoretical price + a Kill Switch option to block orders in all penny stocks, similar to F&O, to address the root cause of most hacking attempts.