Do not login to A&L this morning - HACKED

edited 19 April 2011 at 8:01AM in Budgeting & Bank Accounts
61 replies 11.8K views
mattcodesmattcodes Forumite
19 Posts
edited 19 April 2011 at 8:01AM in Budgeting & Bank Accounts
Alliance and Leicester online banking has been compromised.

The login bank references malicious code to capture your details.

If you goto Google news and type santander you'll find a link to financial blog finextra that has more details.

This is not a phishing attack. A&L servers have actually been compromised. I've alert the PR department but it could take a few hours.
«134567

Replies

  • BigglesBiggles Forumite
    8.2K Posts
    ✭✭✭✭
    :spam:????
  • Eh? Not spam. Just doing my bit, its a warning to any A&L customers this morning as the hack is still ACTIVE.

    I found it hard to believe myself, i spotted it yesterday but thought it was just my machine, now its been verified by the techies.

    Their website is currently compromised. Ignore at your discretion. I posted the link to Stackoverflow if the techies if they dont believe it, thats all.
  • poppie123poppie123 Forumite
    954 Posts
    I logged on this morning before reading this. What should i do?:(
  • edited 19 April 2011 at 7:57AM
    mattcodesmattcodes Forumite
    19 Posts
    edited 19 April 2011 at 7:57AM
    Just hold fire. They will have to disclose this now. If you incur any loses Santander is responsible. Unlike a phishing attack / email-scam, in this instance the fault lies solely with Santander as their OWN infrastructure has been compromised. I'll update the thread once I see the vulnerability has been removed.

    Do not login again to change password as we dont know the scope of vunerability, they manage to get write access to Santander webserver so the whole chain could be vunerable. If you must check balance or do transfer, call them or go the branch
  • poppie123poppie123 Forumite
    954 Posts
    molerat wrote: »
    Thankyou for registering with this forum today just to warn us about this !! :spam:

    So is this a load of nonsense? and i dont have to worry?
  • edited 19 April 2011 at 8:03AM
    mattcodesmattcodes Forumite
    19 Posts
    edited 19 April 2011 at 8:03AM
    Eh? Well okay im full of sh*t. just keep a idea on google news later today if you dont believe me. What exactly am I spamming?

    Can someone techie go view the source of A&L login page and read from line 5 and you'll see the hack and come back and post and put these muppet that keep calling spam to rest

    Molerat: Go to Google news and type santander you see first report by finextra.com

    Im just giving people a heads up that's all... I wont bother next time..
  • poppie123poppie123 Forumite
    954 Posts
    Terrific! as if i don't worry enough now i don't know what to believe.

    Should i contact A+L and do something?
  • If you're using a modern browser they're probably only limited damage. But the fact they were able to compromise A&L/Santander infrastructure directly is very concerning, at this stage we dont know what else they cracked. They'll take offline shortly I hope for everyone's sake. Ive emailed A&L etc.. but no response. Perhaps Martin has a contact he can notify. ?
  • SazzarellaSazzarella Forumite
    403 Posts
    Tenth Anniversary Combo Breaker
    ✭✭
    Articles regarding the possible hack.

    Finxtra

    Stackoverflow
    Married 30/08/14 :heartpuls
  • poppie123poppie123 Forumite
    954 Posts
    mattcodes wrote: »
    If you're using a modern browser they're probably only limited damage. But the fact they were able to compromise A&L/Santander infrastructure directly is very concerning, at this stage we dont know what else they cracked. They'll take offline shortly I hope for everyone's sake. Ive emailed A&L etc.. but no response. Perhaps Martin has a contact he can notify. ?

    I used AOL to log on, i didn't get any warnings or anything though. It looked exactly like it always does.

    So i shouldn't do anything?? just wait and see is that what you suggest?
    or should i ring A+L tell that that my log in details could have been compromised and get them changed?
    Would that mean i was safe?
This discussion has been closed.
LATEST NEWS AND GUIDES