Do not login to A&L this morning - HACKED

mattcodes · 19 April 2011 at 7:16AM

Alliance and Leicester online banking has been compromised.

The login bank references malicious code to capture your details.

If you goto Google news and type santander you'll find a link to financial blog finextra that has more details.

This is not a phishing attack. A&L servers have actually been compromised. I've alert the PR department but it could take a few hours.

Biggles · 19 April 2011 at 8:20AM

:spam:????

mattcodes · 19 April 2011 at 8:34AM

Eh? Not spam. Just doing my bit, its a warning to any A&L customers this morning as the hack is still ACTIVE.

I found it hard to believe myself, i spotted it yesterday but thought it was just my machine, now its been verified by the techies.

Their website is currently compromised. Ignore at your discretion. I posted the link to Stackoverflow if the techies if they dont believe it, thats all.

poppie123 · 19 April 2011 at 8:42AM

I logged on this morning before reading this. What should i do?:(

mattcodes · 19 April 2011 at 8:46AM

Just hold fire. They will have to disclose this now. If you incur any loses Santander is responsible. Unlike a phishing attack / email-scam, in this instance the fault lies solely with Santander as their OWN infrastructure has been compromised. I'll update the thread once I see the vulnerability has been removed.

Do not login again to change password as we dont know the scope of vunerability, they manage to get write access to Santander webserver so the whole chain could be vunerable. If you must check balance or do transfer, call them or go the branch

poppie123 · 19 April 2011 at 8:59AM

molerat wrote: »

Thankyou for registering with this forum today just to warn us about this !! :spam:

So is this a load of nonsense? and i dont have to worry?

mattcodes · 19 April 2011 at 9:00AM

Eh? Well okay im full of sh*t. just keep a idea on google news later today if you dont believe me. What exactly am I spamming?

Can someone techie go view the source of A&L login page and read from line 5 and you'll see the hack and come back and post and put these muppet that keep calling spam to rest

Molerat: Go to Google news and type santander you see first report by finextra.com

Im just giving people a heads up that's all... I wont bother next time..

poppie123 · 19 April 2011 at 9:03AM

Terrific! as if i don't worry enough now i don't know what to believe.

Should i contact A+L and do something?

mattcodes · 19 April 2011 at 9:07AM

If you're using a modern browser they're probably only limited damage. But the fact they were able to compromise A&L/Santander infrastructure directly is very concerning, at this stage we dont know what else they cracked. They'll take offline shortly I hope for everyone's sake. Ive emailed A&L etc.. but no response. Perhaps Martin has a contact he can notify. ?

Sazzarella · 19 April 2011 at 9:08AM

Articles regarding the possible hack.

Finxtra

Stackoverflow

poppie123 · 19 April 2011 at 9:13AM

mattcodes wrote: »

If you're using a modern browser they're probably only limited damage. But the fact they were able to compromise A&L/Santander infrastructure directly is very concerning, at this stage we dont know what else they cracked. They'll take offline shortly I hope for everyone's sake. Ive emailed A&L etc.. but no response. Perhaps Martin has a contact he can notify. ?

I used AOL to log on, i didn't get any warnings or anything though. It looked exactly like it always does.

So i shouldn't do anything?? just wait and see is that what you suggest?
or should i ring A+L tell that that my log in details could have been compromised and get them changed?
Would that mean i was safe?

MSE Forum

Do not login to A&L this morning - HACKED

Replies

Energy Price Cap change

Best £1 you've ever spent?

New MSE Forum avatars available