Holy carp. Logging passwords is a rooky mistake, if there ever was one… I guess their saving grace is that they hand encrypted their logs…
Less than a fifth is a lot of customers, encrypted doesn’t mean secure, if you have access to the data in a format that is ready to read then encryption doesn’t mean much.
They have fixed the issue which is good, what they need to work out is why it arose considering they wrote the system they use.
How many times have they said
“We’re very sorry this has happened”
They said it so many times in the blog post about the outage I was going to suggest a drinking game for next time. We know you’re sorry, saying it every other sentence doesn’t make it any meaningful, once is enough.
Not sure if they’re emailing the people affected by this or everyone…
But I’ve just had an email…
Ouch - and since they need users to update the app can we assume that those who don’t will continue to have their PINs logged?
Now I have to change my favourite PIN because of their mistakes? Nice… nice
I don’t use my monzo card so just disabling card transactions not changing the pin to one I won’t remember.
I am just changing my DDs over starling not impressed.
A post was merged into an existing topic: The Monzo Forum thread
I would but IFTTT
I’m no longer a Monzo customer so I doubt I’ll be notified if I was effected!?
I’m really unhappy about this as I use the same PIN for all of my cards. I’ve never shared it and it’s a random number so it WAS pretty secure.
Scratch that, I just received an email; I’m one of the affected…
Can you change an Amex card PIN on any ATM free?
But at least you’re not a SecurityBreachPlusMetalostomer…
Just think if you were paying for that service… might be able to get my wife to join Starling on the back of this
“Engineers at Monzo have access to these log files as part of their job.”
Monzo must think that their engineers must be untrustworthy.
Of course I would, it’s Monzo
said no one ever
So, how many people do use a different PIN per card?