CommSec online trading exposed to hackers

Billions at risk as online trader CommSec exposed to hackers

SECURITY at the nation’s biggest online trader has been exposed as wide open to attack by computer hackers.
Security flaws at CommSec potentially endangered accounts containing billions of dollars of mum-and-dad investors’ money.

After a Herald Sun investigation, CommSec’s 1.7 million customers have been strongly urged to change their passwords.

Had any hackers entered the system they would have been able to access the personal details of CommSec’s customer accounts and trade in other people’s share portfolios.

This would potentially have allowed them to manipulate the share market to their advantage. But hackers would not have been able to withdraw money.

The glitch was discovered by a Melbourne computer programmer, who said even a teenage computer buff with basic cyber skills could break into customers’ accounts.

“John” stumbled upon and highlighted the weak link in CommSec’s online accounts when he became a customer.

He said the online accounts used only a basic numeric password, rather than the secure and more common combination of alphabet and numeric characters.

John said he was amazed the nation’s biggest online trader was so vulnerable to cyber attacks and had called CommSec to notify them.

After he made two attempts to explain the dire situation, the Sydney-based company dismissed his calls.

John then contacted the Herald Sun in an attempt to have the issue addressed and online security upgraded.

“They should follow up on anything related to a security complaint from anyone — customer or not — they should aggressively pursue that and management should be notified. It’s obvious this (story) is the first management knew about any complaint.”

After a month-long investigation by the Herald Sun, in which two independent computer programmers have confirmed the alarming security flaw, CommSec has been forced to upgrade its online security. The Herald Sun withheld publication until the breach had been fixed.

Commonwealth Bank’s executive general manager of business and private banking Matt Comyn said the nation’s biggest online trader took every credible threat it was notified of seriously.

CommSec notified other banks and financial institutions of the potential threat.

“When CommSec became aware of the threat you reported, it implemented a range of measures to further protect and strengthen its clients,” he told the Herald Sun yesterday.

He said CommSec would reinstate clients to their original position at no cost to them should they be the victim of fraud or crime.
