Wednesday 2 September 2020, Poradnik bezpieczeństwa

Insight into other people’s bills? mBank messes up

Lost24

mBank has had a serious mishap, as a result of which a group of clients could gain partial access to accounts of other users and browse their transaction history.


According to the Niebezpiecznik prota, existing mBank customers had their phone numbers changed and new clients have started to receive authentication messages intended for different users. Moreover, when logging in to the mobile app, new users could access the account history of different users, but with their own personal data.


Turns out that when setting up a new account in the branch, the bank’s system did not create new records but instead overwritten the existing ones. According to the portal, the error was probably related to comparing ID numbers, which the bank uses as unique identifiers.


Niebezpiecznik has asked mBank to explain the situation and in the bank’s statement we read that after detecting the above-mentioned errors, the bank has immediately limited access to its website and individually contacted people who were affected by the issue.


If you are the holders of an account at mBank, better check your details in the account profile.