We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
Do not login to A&L this morning - HACKED
Comments
-
I cant believe they havent taken this down yet. Im not in the country at the moment. If someone can call their executive office (probably more useful than call center). This is most serious hack I've ever seen they had direct write access to Santander online banking portal. I've email them but its no response, the longer this stays up the more people could be potentially inconvenienced.0
-
poppies123, its impossible to say, most modern browser seem to prevent the attack that I can see, but because they been able to directly ability manipulate the actual login page on Santander servers, there is potential they've also compromised the code behind and other parts etc. Without going too technical I wouldnt worry yet as there is no dispute regarding who is at fault (unlike many phishing attacks). Just need to get them to take it offline, community help appreciated in this, its been like this for 24hrs already (I didnt realise the attack vector was actually code originating from their own website until some other techie pointed it out)0
-
Blimey 24 hours, just think how many people would have logged into their accounts in that time:eek:0
-
Ive done all I can to notify all the email addresses on santander corporate page and someone else kindly emailed their phishing team. They can take this offline with a flick of a button whilst they investigate. Ive never seen a hack like this where they had write access to Santander own servers - forgetting the actual component on the login page - thats just one component - that for most part is being stopped by the modern browsers. The scary thing is we really dont know what else they done, they had free reign by the looks of it and as of 9.20am its still up/live0
-
Sazzarella wrote: »
Has anyone who called the OP out as a spammer done any searching themselves?0 -
Finxtra refers to the stackoverflow site with no comment, just states "someone has reported". The stackoverflow report is by this op.0
-
Well this is very worrying, but apart from the 2 links above and and 3rd link (http://forum.linode.com/viewtopic.php?p=38284), there seems to be very little about this issue.
Also, the post on here and on stackoverflow are made by the same person. Finxtra just says "a Santander customer". And the poster on Linode, joined in January.Not as green as I am cabbage looking0 -
Update: Ive had a response back from Santander PR team that they are investigating the issue.0
-
Just checked My Santander (Abbey) login pages...
1st page https://retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto?dse_operationName=LOGON
2nd page https://myonlineaccounts2.abbeynational.co.uk/CentralLogonWeb/Logon?action=prepare&personalID=################
(personal ID removed for obvious reasons)
neither of those pages show the Java script hack, but I have held off logging in for the time being.Not as green as I am cabbage looking0 -
there seems to be very little about this issue.
Also, the post on here and on stackoverflow are made by the same person. Finxtra just says "a Santander customer". And the poster on Linode, joined in January.
It's early days yet, 3rd party people on the forum confirmed the Javascript code so something HAS happened.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 348.2K Banking & Borrowing
- 252.1K Reduce Debt & Boost Income
- 452.3K Spending & Discounts
- 240.7K Work, Benefits & Business
- 617K Mortgages, Homes & Bills
- 175.6K Life & Family
- 253.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 15.1K Coronavirus Support Boards