Egg gives customers another security fright

Beleaguered online bank Egg gave some of its customers a security scare Monday when it accidentally posted a "dummy account page" which made it look as if they had gained unauthorised access to someone else's credit-card account.

One Egg customer contacted ZDNet News after apparently wandering into another customer's account in the early hours of Monday morning. He was naturally perturbed by this apparent security cock-up and evidently found little solace on Egg's customer support line.

"The name and the Visa number at the head of the Web page were correct," he says. "But the transactions were for payments made in September of last year. The payments were to companies that I have never dealt with. The credit limit was also for someone else. it wasn't so much getting into someone else's account, it was more the worry that someone could get into mine. "

According to Egg banking strategy manager Andy Thomas this was not so much a security lapse as a rather unfortunate mistake by Egg's Web staff. The blunder took placed at 2am on Monday morning when the site was undergoing maintenance. Thomas says that technical staff accidentally posted a "dummy account", used to practise transferring data through the site, to all its users' account pages while the site was being tested.

Thomas says, "We were meant to put up a screen to show that maintenance was going on. It was only for 10 minutes and as soon as we realised [the mistake] we went back and changed it. This was a small glitch that affected one in 1,000 people."

According to Thomas, however, Egg was contacted by at least one other worried customer about the mistake.

Thomas also promises that Egg's much publicised security record is on the mend, adding: "We've been improving the site continually, advising customers on the best way to use it. Security is the element we probably focus on the most."

What do you think? Tell the Mailroom. And read what others have said.

See also: the e-commerce special.