Warning: Bank of America Giving Access to Random Accounts

Today, we received an invoice for one of our expenses. To send the payment, I logged into Bank of America’s website to use their ACH (Automated Clearing House) system.  Once logged in, I was able to click on the ‘Transfers’ button.  Up until this point, everything was fine and I was viewing my own account.  However, after entering the transfer interface, I ran into a huge privacy issue that should have never occurred in an online banking session:  I was looking at someone else’s name, bank accounts, balances, e-mail address and more.

I have attached screenshots (with some information redacted) and have also e-mailed the bank reporting the issue.  I am definitely not WATSON, and these are not my bank account numbers or bank account balances.  It’s possible* that had I gone through with this payment it would have come out of WATSON’s account and not mine.

Logging out and logging back in seemed to fix the issue and I haven’t been able to reproduce it since its first occurrence.

Here is the letter to which we have not yet received a response:

[Awaiting Response.]

This is a serious privacy issue that needs to be addressed.  If I can see someone else’s information, doesn’t that mean someone can see yours or mine?

* Some readers pointed out that it is possible but not clear and the text has been updated for this purpose.

About Andrew

Andrew is a long-time advocate of privacy and the conservation of the personal realm. He served as the brand manager for an internationally recognized best-selling product prior to co-founding Private Internet Access. Additionally, he was the co-founder of Mt. Gox Live which was acquired by Mt. Gox and created their official mobile application.

  • John

    ಠ_ಠ

    • Jaded Jesse

       This is TOTALLY FUCKED UP.   I want my money out of there NOW.

  • Anthony

    Someone should tell them not to write cookies on cached images.  

  • http://nerdfiles.net/ Aharon Alexander

    ԚoԚ

  • Jason

    ಠ_ಠ

  • Sam Dlg

    I’ve seen this happen too! probably 4 months ago

  • Anonymous

    Is this a first-hand account of your account, Andres?

  • http://twitter.com/MateusCaruccio Mateus Caruccio

    Ha! America is now a pure socialist state!

  • Jtmoney

    WHAT THE FUCK!?!?!?  We need a response from B of A on this issue ASAP.

  • Maryam

    I had an issue with Bank of America about 5 years ago in which they added someone to my account without my knowledge or consent. They paid back the money that was taken out of my account, but did not fire the employee that was responsible for making the addition. Have not banked with them since… >_>

    • robertsgt40

      Good move leaving BoA(or any/all of the big boys). They are ALL insolvent.  When TSHTF people are gonna lose a bunch.  I suggest a smaller local bank or a credit union if you must have a bank.  I pulled all funds out of the system 4yrs ago and converted to physical silver.  Only keep what’s needed for daily existence.  The dollar is in a death spiral.  There was no way for me to justify making less than 1% and having to pay taxes on that.  My motto is “starve the beast”

  • Paco

    That is strange because I also have BoA and when I do transfers I don’t get that interface…

  • Sridhar

    I had this happen to me yesterday, too. Took the same screen shots. Glad you wrote to them. Hope they fix it!

  • Tariq Biziou

    Curious where you were connecting from? Any possibility of a proxy between you and BofA?

  • Matthew A Cox

    A few weeks ago I called BoA, put in my account number and was soon redirected and talking to a representative about someone else’s mortgage account. I don’t even have a mortgage with BoA

  • sarah stein

    Bank of America is always getting hacked, you were probably given the account for laughs.

  • muckraker007

    avoid BofA and other large banks like the plague. They outsource all their call centers and software development to 3rd world countries. Not really the place I want to trust my money with. Join your local credit union. Much better service, I can email my personal banker….how’s that for customer service.