Do not login to A&L this morning - HACKED


Comments

  • mattcodes
    mattcodes Posts: 19 Forumite
    I can't believe they haven't taken this down yet. I'm not in the country at the moment. If someone can call their executive office (probably more useful than the call center). This is the most serious hack I've ever seen; they had direct write access to the Santander online banking portal. I've emailed them but there's no response; the longer this stays up the more people could be potentially inconvenienced.
  • mattcodes
    mattcodes Posts: 19 Forumite
    poppies123, it's impossible to say. Most modern browsers seem to prevent the attack that I can see, but because they've been able to directly manipulate the actual login page on Santander servers, there is potential they've also compromised the code behind and other parts etc. Without going too technical, I wouldn't worry yet as there is no dispute regarding who is at fault (unlike many phishing attacks). Just need to get them to take it offline; community help appreciated in this. It's been like this for 24hrs already (I didn't realise the attack vector was actually code originating from their own website until some other techie pointed it out).
  • poppie123
    poppie123 Posts: 957
    Forumite
    Blimey 24 hours, just think how many people would have logged into their accounts in that time:eek:
  • mattcodes
    mattcodes Posts: 19 Forumite
    I've done all I can to notify all the email addresses on the Santander corporate page and someone else kindly emailed their phishing team. They can take this offline with a flick of a button whilst they investigate. I've never seen a hack like this where they had write access to Santander's own servers - forgetting the actual component on the login page - that's just one component - that for the most part is being stopped by the modern browsers. The scary thing is we really don't know what else they've done; they had free rein by the looks of it and as of 9.20am it's still up/live.
  • mr_fishbulb
    mr_fishbulb Posts: 5,224
    Forumite
    Sazzarella wrote: »
    Articles regarding the possible hack.

    Finxtra

    Stackoverflow

    Exactly - I found those within 2 minutes of searching too.

    Has anyone who called the OP out as a spammer done any searching themselves?
  • molerat
    molerat Posts: 31,642
    Forumite
    Finxtra refers to the stackoverflow site with no comment, just states "someone has reported". The stackoverflow report is by this op.
  • Cmdr_Bond
    Cmdr_Bond Posts: 624
    Forumite
    Well this is very worrying, but apart from the 2 links above and a 3rd link (http://forum.linode.com/viewtopic.php?p=38284), there seems to be very little about this issue.

    Also, the post on here and on stackoverflow are made by the same person. Finxtra just says "a Santander customer". And the poster on Linode, joined in January.
    Not as green as I am cabbage looking
  • mattcodes
    mattcodes Posts: 19 Forumite
    Update: I've had a response back from the Santander PR team that they are investigating the issue.
  • Cmdr_Bond
    Cmdr_Bond Posts: 624
    Forumite
    Just checked My Santander (Abbey) login pages...

    1st page https://retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto?dse_operationName=LOGON

    2nd page https://myonlineaccounts2.abbeynational.co.uk/CentralLogonWeb/Logon?action=prepare&personalID=################
    (personal ID removed for obvious reasons)

    Neither of those pages shows the JavaScript hack, but I have held off logging in for the time being.
    Not as green as I am cabbage looking
  • ashleypride
    ashleypride Posts: 657
    Forumite
    Cmdr_Bond wrote: »
    there seems to be very little about this issue.

    Also, the post on here and on stackoverflow are made by the same person. Finxtra just says "a Santander customer". And the poster on Linode, joined in January.

    It's early days yet, 3rd party people on the forum confirmed the Javascript code so something HAS happened.
This discussion has been closed.