Recently, Bank of America (BoA) made a lot of headlines because of the attacks launched against its systems by Muslim hackers. However, this time, the problem isn’t about what hackers are doing, but about a serious glitch in the financial institution’s website.
While logging in to BoA’s site in order to access the Automated Clearing House (ACH) system, experts from privateinternetaccess.com noticed that they were actually viewing the bank account details of some other random customer.
Initially, everything seemed to be fine. However, after they entered the transfer interface, they were presented with the name, bank account, balance, email address and other details of an individual named Watson who had nothing to do with the company.
“I am definitely not WATSON, and these are not my bank account numbers or bank account balances. It’s clear that had I gone through with this payment it would have come out of WATSON’s account and not mine,” Andrew of Private Internet Access explained.
Apparently, the account is restored to normal after the user logs out and logs back in again, and the security hole couldn’t be reproduced after this first occurrence. However, this doesn’t make it less serious.
Exposing the details of random individuals is unacceptable for a financial institution that handles the finances of millions of people. Furthermore, some users reported that they also encountered this problem in the past, which means that this isn’t an isolated incident.
Private Internet Access representatives took screenshots and sent a detailed notification to BoA. Since the bank hasn’t replied to the notification, we’ve sent them an inquiry of our own. We’ll update this post in case they respond to clarify the issue.