PIN the blame on us, says Monzo in mondo security blunder: Bank card codes stored in log files as plain text
Trendy online-only Brit bank Monzo is telling hundreds of thousands of its customers to pick a new PIN – after it discovered it was storing their codes as plain-text in log files.
As a result, 480,000 folks, a fifth of the bank's customers, now have to go to a cash machine and reset their PINs.
The bank said the numbers, normally tightly secured with extremely limited access, had accidentally been kept in an encrypted-at-rest log file. The content of those logs was, however, accessible to roughly 100 Monzo engineers who normally would not have the clearance nor any need to see customer PINs.
The PINs were logged for punters who had used the "card number reminder" and "cancel a standing order" features.
To hear Monzo tell it, the misconfigured logs, along with the PINs, were discovered on Friday evening. By Saturday morning, the UK bank updated its mobile app so that no new PINs were sent to the log collector. On Monday, the last of the logged data had been deleted.
"No one outside Monzo had access to these PINs," Monzo said in its attempt to reassure customers.
"We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud."
Monzo says anyone whose PIN was exposed in the logs will be given a message instructing them to change their codes. To do that, the customer will need to go to a cash machine (app-happy Monzo has no brick-and-mortar branches) and select a new number via the PIN Services menu.
While Monzo maintains that nobody outside of the bank was able to see the codes, it would not be a bad idea to keep an eye on your account activity in case anything suspicious is spotted.
Additionally, everyone with an account at the bank is being advised to update their Android and iOS apps to make sure they have the latest versions, via which PINs are no longer fed into the log files.
The blunder is a setback for the upstart UK banking service, but fortunately for Monzo, it happened to come along in the wake of a much bigger banking privacy foul-up. With Capital One now facing lawsuits and the possibility of Congressional hearings for its mishandling of records on 106 million people, a few mishandled PINs won't get much play in the news cycle.
source theregister
Industry: Cyber Security
Latest Jobs
-
- Network & Security Consultant
- Spain
- Upto €54000 per year and benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred)for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.
-
- Security Analyst - Internal role. London commutable. £50,000
- London
- £50,000
-
Security Analyst - Internal role. London commutable opportunity. Operational Security - Investigate, escalate and proactively work to ensure household name remains protected. Project Security - Coordinate, log change requests with project delivery teams to meet security requirements Policy / compliance - work with team to aid in uplifting these as and where needed This role is role to investigate, escalate and proactively work to protect a globally recognised brand. You must have current hands on operational analytical security experience with Microsoft technology stack Someone with a SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc would be advantageous. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Network & Security Consultant
- Romania
- €54000 plus benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred) for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.
-
- Network & Security Consultant
- Hungary
- Upto €54000 per year and benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred) for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.