Late last night / early this morning, Fly & Dine and Doctor of Credit as well as many people on Twitter have reported what could be a major security breach at Chase: people report logging into their Chase accounts only to be taken to a stranger’s account, where they can view all of the sensitive info stored within one’s bank login — credit card history, address, phone number, etc. At this point, Chase has not released any information, but Doctor of Credit suggests that logging in right now might be a trigger.
Right now, we know little beyond what is being reported by individual people (see the Doctor of Credit post linked above for many Twitter screen shots of reports), but I personally intend to check on my accounts by calling the number on the back of my cards and checking balances through the automated system rather than logging in through the website or app in the short term. Hopefully, there will be more information to come.
Last week someone changed my Chase username and login then used about 350K points to buy 2 separate tickets to Malaysia and 2 hotel reservations, all for 4 different people. Coincidence that it involved Malaysia as noted by Bluto? It was all straightened out and I got all my miles back. I’m keeping a close eye on my charges though. I thought it was interesting that Chase didn’t think it was necessary to change my account numbers.
[…] morning, we posted about a possible security breach at Chase bank (See: Potential Chase security breach: Don’t log in?). Chase has since confirmed the breach. According to their news release to Bloomberg, the breach […]
I’m concerned that the app lets you redeem UR points. Anybody having any problems with that?
I had 229,000 points drained after the breach and three luxury hotel reservations paid for with points (one in Malaysia and another in Indonesia). Chase caught it and reimbursed the points. Now I know how this happened.
They’re taking a page out of IHG’s playbook: I lost 120K points earlier this year. 4-digit PIN is ridiculous. But I digress…
I logged in yesterday around 5:30pm Arizona time to pay my credit card. I do not have a checking or savings account with Chase. I was suddenly in someone elses checking account with full access. I called Chase and they told me that they knew of the problem – WHY DIDNT THEY SHUT DOWN THEIR WEB ACCESS IF THEY KNEW???
I logged in earlier this morning to my 3 Chase logins, nothing odd at all.
I logged into Greg’s account, and did a quick ACH transfer to my own account; not sure what all the fuss is about!
lol
On Bloomberg, at 10:15 JP Morgan Chase sent out a couple headlines which claim a glitch gave customers access to others’ accounts on an ‘extremely limited’ basis and it was resolved within hours.
Take that with a grain of salt.
What about account aggregator services like Mint and Personal Capital?
I logged in 3:30 MST yesterday and saw nothing unusual.
I logged in a couple of time this morning, without incident. Fingers are crossed now