Customers visiting Morgan Stanley's credit card account center were able to opt in to a Microsoft function that remembers passwords. The next user could then access information using data remembered by the PC.
Morgan Stanley fixed the problem and assured customers that the security flaw had not yet been exploited.
"Morgan Stanley has received no customer complaints or calls on this issue to date, and to our knowledge, no accounts have been accessed improperly," read an email statement. Visitors to the site will now find that password recognition function is blocked.
Last week, Cahoot, the online offshoot of UK bank Abbey National, revealed a similar security flaw that enabled customers to view others account details.
Analysts have described the situation as another blow for the internet banking industry.
"If the Cahoot situation set online banking back six months then it's eight months now," said Graham Titterington, principal analyst at Ovum.
"It's clear that banks aren't protecting their customers. These sort of problems were happening a few years ago and I'm afraid to say, they are going to happen again."
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
