Warning: Bank of America Giving Access to Random Accounts

Posted on Sep 24, 2012 by rasengan

Today, we received an invoice for one of our expenses. To send the payment, I logged into Bank of America’s website to use their ACH (Automated Clearing House) system.  Once logged in, I was able to click on the ‘Transfers’ button.  Up until this point, everything was fine and I was viewing my own account.  However, after entering the transfer interface, I ran into a huge privacy issue that should have never occurred in an online banking session:  I was looking at someone else’s name, bank accounts, balances, e-mail address and more.

I have attached screenshots (with some information redacted) and have also e-mailed the bank reporting the issue.  I am definitely not WATSON, and these are not my bank account numbers or bank account balances.  It’s possible* that had I gone through with this payment it would have come out of WATSON’s account and not mine.

Logging out and logging back in seemed to fix the issue and I haven’t been able to reproduce it since its first occurrence.

BofA Communication

BofA Transfer

Here is the letter to which we have not yet received a response:

BofA Email

[Awaiting Response.]

This is a serious privacy issue that needs to be addressed.  If I can see someone else’s information, doesn’t that mean someone can see yours or mine?

* Some readers pointed out that it is possible but not clear and the text has been updated for this purpose.

17 Comments

  1. Sam Dlg

    I’ve seen this happen too! Probably 4 months ago.

    12 years ago
  2. Jason

    ಠ_ಠ

    12 years ago
  3. Anthony

    Someone should tell them not to write cookies on cached images.  

    12 years ago
  4. John

    ಠ_ಠ

    12 years ago
    1. Jaded Jesse

       This is TOTALLY FUCKED UP.   I want my money out of there NOW.

      12 years ago