Warning: Bank of America Giving Access to Random Accounts
Today, we received an invoice for one of our expenses. To send the payment, I logged into Bank of America’s website to use their ACH (Automated Clearing House) system. Once logged in, I was able to click on the ‘Transfers’ button. Up until this point, everything was fine and I was viewing my own account. However, after entering the transfer interface, I ran into a huge privacy issue that should have never occurred in an online banking session: I was looking at someone else’s name, bank accounts, balances, e-mail address and more.
I have attached screenshots (with some information redacted) and have also e-mailed the bank reporting the issue. I am definitely not WATSON, and these are not my bank account numbers or bank account balances. It’s possible* that had I gone through with this payment it would have come out of WATSON’s account and not mine.
Logging out and logging back in seemed to fix the issue and I haven’t been able to reproduce it since its first occurrence.
Here is the letter to which we have not yet received a response:
[Awaiting Response.]
This is a serious privacy issue that needs to be addressed. If I can see someone else’s information, doesn’t that mean someone can see yours or mine?
* Some readers pointed out that it is possible but not clear and the text has been updated for this purpose.
Comments are closed.
avoid BofA and other large banks like the plague. They outsource all their call centers and software development to 3rd world countries. Not really the place I want to trust my money with. Join your local credit union. Much better service, I can email my personal banker….how’s that for customer service.
Bank of America is always getting hacked, you were probably given the account for laughs.
A few weeks ago I called BoA, put in my account number and was soon redirected and talking to a representative about someone else’s mortgage account. I don’t even have a mortgage with BoA
Curious where you were connecting from? Any possibility of a proxy between you and BofA?
I had this happen to me yesterday, too. Took the same screen shots. Glad you wrote to them. Hope they fix it!