By Andy McCue, 9 November 2004 13:33
Morgan Stanley has moved to close a security loophole that could potentially have compromised the passwords of some customers using its online credit card service.
The problem centred on a password-saving feature in Microsoft Windows, which allows users to save login and password details so they are automatically filled in by their PC when prompted for the information.
Most financial services websites have their online services set up - in accordance with APACS guidelines - so that their customers can't use this 'Autocomplete' feature to gain access to their accounts and are instead prompted to enter their password manually each time.
But Morgan Stanley has allowed customers to access their online credit card accounts using Autocomplete since the service was set up in 1999, meaning that customers using a shared PC were potentially leaving their password and account open to access by anyone else using that machine.
A spokeswoman for Morgan Stanley confirmed the loophole was quickly closed by IT staff as soon as the company was alerted to the problem yesterday by the BBC. She said the company will also be notifying customers of the change.
Just last week online bank Cahoot was the subject of a security scare after a routine upgrade of the bank's software resulted in a flaw that allowed users to move between other people's accounts by bookmarking sections of the site. Cahoot took the site down for 10 hours while it fixed the problem.
