Largest Brazilian bank exposes customer data

Mobile app users had access to information from other customers
Written by Angelica Mari, Contributing Writer

Brazil's largest bank had to deal with a huge security breach of its mobile banking app as users had access to information about other customers at the institution.

Customers at Banco do Brasil (BB) using mobile banking through the bank's iOS and Android apps could get access to private data such as balance and statements from other, random account holders. The damage was not greater only because transfers and payments require a password.

The service affected users for about an hour on Monday (9) and was taken offline after the bank started to receive a barrage of complaints from hundreds of customers on Twitter. Yesterday, Banco do Brasil tweeted that it had identified the problem and that the service was back online "with stability."

A screenshot of the BB app | Image credit: Flavia Galveas (cc)


According to BB,  there has been some "inconsistency and intermittence" of customer information during the updating process of the apps, but the bank said its security systems "remained active" and "no data has been at risk in the event of financial transactions."

The bank does not disclose how many of its customers use the apps that it provides, but the app page on Google Play indicates that between one and five million users have downloaded the Android app.

The use of mobile banking in Brazil has gone by up 223,4 percent in the last year, according to the Brazilian Banking Federation.

Editorial standards