More than three million online banking customers at HSBC have been left exposed to online fraud for at least two years, security experts at Cardiff University have found.
Anyone who exploited the flaw could have gained access to an account within nine attempts, a security lapse described as “scandalous” by one analyst.
When warned of the lapse, HSBC said that it took security very seriously and would immediately address the issue.
It added that it was not aware of anyone exploiting the loophole, which is said to risk exposing users to keyloggers, malicious programs that capture codes and passwords as they are typed.
“There are serious issues here,” Professor Antonia Jones, a security expert at Cardiff University, told the Guardian.
“Banks are in the business of safeguarding your money, and if they tell you that it’s safe then you assume that’s the case.
“But as long as this flaw exists, customers are at risk. For banks or institutions that are making huge amounts out of their customers not to protect them is pretty scandalous.”
© Adfero Ltd