Security Flaw Exposes Personal And Financial Data From Hundreds Of Banks

By   ISBuzz Team
Writer , Information Security Buzz | Sep 03, 2018 11:30 am PST

A flaw in the web platform of Fiserv Inc., a technology services provider for financial institutions, reportedly exposed personal and financial account information on hundreds of bank websites. The vulnerability was discovered within its one-way messaging feature.

Javvad Malik, Security Advocate at AlienVault:

javvad malik“This appears to be the case of oversight in the application development and testing phase. Being able to change a value in the URL to gain access to other accounts is a well-documented security flaw that should be avoided. Knowing of this vulnerability, it would have been trivial for an attacker to write a script that would automatically change the URL and harvest many customers details.

It goes to highlight that small errors can slip through, even for large companies that are well-versed in security. It’s good to see Fiserv was able to respond and create patch in a timely manner.”