My Fidelity account was compromised on March 24, 2026.
Unauthorized activity sold my existing holdings across multiple accounts and used the proceeds to buy large amounts of LOVE ($LOVE). I did not authorize any of those trades, and I never received the usual SMS 2FA code for the suspicious login.
Unauthorized activity sold my existing holdings across multiple accounts and used the proceeds to buy large amounts of LOVE ($LOVE). By the time I discovered it and contacted Fidelity, LOVE had already fallen about 10%–15% from the unauthorized purchase prices. So although the stock briefly rose earlier, I did not benefit from that move — I was left holding an unauthorized concentrated position at a loss.
My login history shows an earlier login that day that I do not recognize, before my own first login. I believe that was the unauthorized access tied to the trades.
Fidelity opened a fraud case, locked the affected accounts, and is now moving me to new account numbers because the old ones may be compromised. The case has already been sent from the fraud team to the claims team for review.
I’ve already:
- changed major passwords
- stopped reusing passwords
- reset my device
- froze all three credit bureaus
- filed an FTC identity theft report
- filed a police report
I’m trying to hear from people who have been through something similar with Fidelity or another brokerage.
A few things I’m trying to understand:
- Did the brokerage fully reverse the unauthorized trades and make you whole?
- How long did the claims review take?
- Did they also correct the tax reporting from the unauthorized sales?
- If your claim was denied or only partially approved, what reason did they give?
- If it was denied, what did you do next — FINRA arbitration, attorney, regulatory complaint, etc.?
- What evidence actually ended up mattering most?
I’m also trying to understand how the intruder may have gotten in. I had SMS 2FA enabled, but I never received any verification text for the suspicious login. Has anyone seen this happen through password reuse, a trusted device/session issue, stolen cookies, malware, or something else? And did the brokerage ever tell you how the account was accessed, or only whether the claim was approved?
I’m mainly trying to understand the likely outcome, what timelines are realistic, and how to prepare if the claim is not fully approved.
Thank you!
Brokerage account compromised at Fidelity; unauthorized trades caused major losses — what should I expect from claims/restoration?
byu/Educational-Map-7998 inpersonalfinance
Posted by Educational-Map-7998
3 Comments
I’m a security engineer. You were most likely phished. The second most likely is your computer is compromised. There are phishing kits out there that will steal your session which can remain active for weeks or more, depending on how Fidelity has it set up. You likely got phished some time ago and the session token is still valid. If malware is on your system then it’s pretty easy to steal your sessions too. It’s highly unlikely Fidelity was themselves were compromised, but it’s possible.
I don’t have any help, but this is the kind of thing that I worry about. It would be good to know how to prevent it absolutely.
I can’t login without receiving a security code to my mobile device. I never click ‘remember this device or browser’ or whatever it says.
Are you married? Do you have kids? But again I can’t login without a code to my mobile so I don’t know what settings you have but they need to be changed.