Disco Bob Posted August 6, 2019

Online bank Monzo was red-faced this week after admitting a flaw in the way it stored its customer credentials.

The digital, mobile-only bank, headquartered in the UK, told customers over the weekend that it had been insecurely storing the PINs that they use to access their accounts.

The company stored customer PINs in what it described as a "particularly secure part of our systems," but on Friday, August 2, it also noticed that it had been storing PINs in its log files as well. The log files are encrypted, but the company admitted that its engineers had access to them.

It updated the Monzo mobile apps by 5:25 am local time on Saturday morning and then spent the rest of the weekend deleting the information.

"We’ve deleted the information that we stored in this way. As soon as we discovered the bug, we immediately made changes to make sure the information wasn’t accessible to anyone in Monzo," the company said in a post on Sunday, August 4.

The slipup affected fewer than one in five of its UK customers, the bank said. That's because only two features triggered the accidental PIN storage: getting a reminder of your card number and cancelling a standing order. It still amounts to around 480,000 customers, though.

The bank said that it has already contacted people that had been affected. Those customers should go and change their PINs at a cash machine, it advised.

No one outside the company had access to the PINs, it said, adding that it checked to ensure that the information hadn't been used to commit fraud.

The incident highlights the difficulty in notifying large numbers of customers about cybersecurity issues. Monzo emailed customers, but several complained that they thought it was a scam or only saw the email by chance.

"I too received this and it was in my spam. Should I have not seen this thread (like a huge portion of customers won’t) I wouldn’t have known," said one person.

"Not at all bothered about the security issue by the way and I appreciate the transparency but just better notification needed."

https://www.infosecurity-magazine.com/news-features/monzo-customer-pins-log-files

mp68terr Posted August 6, 2019

The bank admitted a severe security flaw: just sent an email. The customer has a bank overdraft: he has to pay penalties.

Disco Bob (Author) Posted August 6, 2019

13 hours ago, mp68terr said: The bank admitted a severe security flaw

I "hate" these "banks" or "cards" pre paid as they are not as in a real bank, they are like revolt etc where someone is making large money off other people ..... I'm sure but to not fully quote me but companies to not have to say about attacks / Breaches :(

This topic is now archived and is closed to further replies.