The UK mobile-only bank Monzo admits that „we weren’t storing some customers’ PINs correctly”. The number of affected users is around 480,000.

7 august 2019

Bug in Monzo mobile apps sent account PINs to internal logs. The logs were encrypted, according to ZDNet.

„We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly”, the company said.

The company discovered the bug on Friday, August 2, 2019, and spent all weekend removing PIN numbers from its internal logs. As soon as it finished this operation, Monzo published a statement on its site on Monday morning, August 5.

Monzo described the issue as a „bug” that occurred when Monzo customers used two specific features of their Monzo mobile apps — namely the feature that reminds users of their card number and the feature for canceling standing orders.

When Monzo customers used one of these two features, they would be asked to enter their account PIN, for authorisation purposes, but unknown to them, the PIN would also be logged inside Monzo’s internal logs.

Monzo said these logs were encrypted and that only a few employees had access to the data stored inside. The company said that all users should update their mobile apps. The company published an update for its mobile app on Saturday, August 3, 2019, so the apps will not send the account PIN code to Monzo servers anymore.

Monzo launched in the UK in 2015 and it does not have any branches, as it operates solely via its mobile apps. In June 2019, the company announced plans to launch in the US.

The company said it passed over the one million users mark in October 2018. On its website, Monzo claims that over 55,000 people open an account every week. In June 2019, the company announced plans to launch in the US.

Adauga comentariu

Cifra/Declaratia zilei

Nic Marius Balaceanu – Founder & CEO Lendrise

„For more than a week now, ScoreRise enrolls daily hundreds of users through an innovative facial recognition interface. Enrollment takes less than a minute and it does not require presence of a human operator or video recording. And, of course, it stays fully GDPR compliant with help from Reff & Associates and Deloitte Romania.”

Romania este ultima tara membra UE care nu a transpus in legislatia romaneasca Directiva europeana revizuita a serviciilor de plata (PSD2). Cand credeti ca se va intampla totusi acest lucru?
49 votes · 49 answers