Largest Brazilian bank exposes customer data

Summary: Mobile app users had access to information from other customers

TOPICS: Mobility, Security

Brazil's largest bank had to deal with a huge security breach of its mobile banking app as users had access to information about other customers at the institution.

Customers at Banco do Brasil (BB) using mobile banking through the bank's iOS and Android apps could get access to private data such as balance and statements from other, random account holders. The damage was not greater only because transfers and payments require a password.

The service affected users for about an hour on Monday (9) and was taken offline after the bank started to receive a barrage of complaints from hundreds of customers on Twitter. Yesterday, Banco do Brasil tweeted that it had identified the problem and that the service was back online "with stability."

A screenshot of the BB app | Image credit: Flavia Galveas (cc)

According to BB, there has been some "inconsistency and intermittence" of customer information during the updating process of the apps, but the bank said its security systems "remained active" and "no data has been at risk in the event of financial transactions."

The bank does not disclose how many of its customers use the apps that it provides, but the app page on Google Play indicates that between one and five million users have downloaded the Android app.

The use of mobile banking in Brazil has gone up by 223.4 percent in the last year, according to the Brazilian Banking Federation.

Talkback

1 comment
  • Mobile Banking Security Weaknesses

    Mobile developers also need to play their part by building and maintaining secure mobile banking apps.

    Results from a recent study reveal that 8 out of 10 mobile banking apps contain build and configuration setting weaknesses. While the issues identified are merely informational in terms of risk, they do provide insight into the state of mobile development practices among leading megabanks, regional banks, and credit unions—in short, basic security best practices are not being followed.

    Download full report: http://www.praetorian.com/promo/mobile-banking-security-report
    Paul Jauregui