28 comments
Never going to live it down if people find out I subscribe to a My Little Pony magazine
Massive GDPR breach. They need to be heavily fined for this.
Too many companies are cutting back on quality control of their IT systems in order to save a few quid. This is a preventable customer data breach.
More and more outages, incidents and security breaches.
Take your pick from headcount reduction, outsourcing, AI slop-coding and AI slop-devops.
Well they’ve locked down the apps for now from the looks of it so good luck if you’re with Lloyds group and need to make a transfer this morning
Incoming massive fine from the ICO and probably the FCA.
But I can’t imagine individuals will be able to sue since there’s no financial loss.
If I wanted to make an assumption, did the developers of those systems introduce AI-aided coding?
Because you have to have a major screw-up or really bad devs if your system starts showing mismatched account IDs
My bank has sent me a dozen or so messages to tell me that I have gone over my overdraft limit. I hope not, I got paid today and I’m still in bed.
These are three separate banks aren’t they? Are they linked in a business sense? Does one own another?
Not the first time a bank has had a caching issue. You’d think this would be one of the scenarios in their automated testing before releasing any change. Bank account logins are an example of a place you shouldn’t be caching anything, it shouldn’t be too hard to avoid.
Why do I get the feeling this is going to be because of a ‘Vibe Coded’ change they have done recently…
Not a problem for me, I buy all my dildos through a company called Bobby’s Bits. Nobody’s the wiser.
The rigorous test and release process seems to be deficient. No doubt the AI-powered automated testing missed this. Could be time to have some biological controls in the loop again.
Having just opened an account with Lloyds and having accounts with multiple other banks, there’s something deeply amateurish about their app and whole digital banking infrastructure, so this is absolutely no surprise.
This’ll be interesting to see how much they’re fined for this GDPR breach
Ha ha. As a smug IT professional myself, how is that outsourcing of IT looking now ya dick heads!?
Oh shit. I am with Lloyds!
“The incident has been quickly resolved”
No it has not! You just shut the app down.
This is a massive failure of basic data security. Cutting corners on IT testing to save money is exactly how these completely preventable breaches happen. The fines for this should be absolutely massive.
> The 55-year-old also reported being able to view benefits payments from the Department of Work and Pensions (DWP), which use the National Insurance numbers of recipients as a payment reference.
I’ve never been on benefits and didn’t realise this was a thing.
To me this seems… unwise?
DWP should surely have an identifier for an individual which isn’t their NI number, which they could use in payment references if they really needed to, which may only be pseudoanonymisation but still would make it more difficult to commit fraud from finding somebody’s bank statement lying around.
I’m not even sure why their payments need any individual identifiers rather than payment identifiers.
AI coding probably. We have too much code being generated and nobody wants to review it properly. And also our ability to review effectively has atrophied.
Amex was doing this too, about 2 years ago. Globally I might add (I saw the transactions of a user from another country). No idea if they’ve ever been fined or even acknowledged the issue officially
Unbelievable that something like this can happen in 2025, 1000x more so as a bank.
Did some vibe-coding intern forget to run their tests before hitting deploy or something.
So do we think: crappy code release? f—ked caching strategy? session clashes?
At what point should we be concerned that transactions are not going to be executed in another account?
Eg. Withdrawing £100 from an ATM is deducted from a random account?
I am so glad I left Lloyds after they just did not like me at all. Starling has been brilliant ever since I switched. Works flawlessly and support is top notch.
Sounds like a feature that they’d never be able to implement if they tried so well done anyways.
Last week Barclays was showing 6 transactions to NowTv in regular payments. Called them as I’ve never used it and thought my card might have been cloned, oh it’s just an error and you’ve not been charged.
They’re not alone in the shitness
Sounds like someone screwed up the caching rules on their load balancers. Won’t be the first and won’t be the last.
I am highly confident the failure mode is in the session authentication system at Lloyds.
The way nearly every such application/website authenticates you is that you go to an authentication system which issues you a session token that authorises you to see certain information for a certain time. Your app or browser then presents this session token every time you interact with the bank’s systems (or the social network, or so on).
If that system hands out wrong session tokens, then you get access to other information that you are not intended to get access to. Often that is either a bug in the authentication code or, more perniciously, data corruption in the session data store (due to different bugs) so that correct tokens are generated and stored but wrong tokens are retrieved and given to you.
This has happened before and it will happen again. The idea that it’s absolutely impossible and everyone responsible must clearly be executed on the spot, which seems to be the tone of some other comments, is not quite the reality of the situation.
(Source: 20+ years working on such systems)
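The failure mode the comment above describes, a session store returning a record that was written for a different token, can be made to fail closed by binding each stored record to its token with a MAC. This is an added example, not part of the original thread and not any bank's code; `SessionStore`, `SERVER_KEY`, `binding_tag` and `simulate_mixup` are hypothetical names, and the in-memory dict stands in for a shared session data store.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Assumption: one secret per deployment, held by the web tier, not by the store.
SERVER_KEY = secrets.token_bytes(32)


def binding_tag(token: str, user_id: str) -> str:
    """MAC over (token, user_id); the length prefix keeps the encoding unambiguous."""
    msg = f"{len(token)}:{token}|{user_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class SessionStore:
    """Hypothetical in-memory stand-in for a shared session data store."""

    def __init__(self) -> None:
        self.records: dict[str, dict[str, str]] = {}

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.records[token] = {"user_id": user_id,
                               "tag": binding_tag(token, user_id)}
        return token

    def lookup(self, token: str) -> str | None:
        record = self.records.get(token)
        if record is None:
            return None
        expected = binding_tag(token, record["user_id"])
        # Fail closed: a record that was not written for this token is rejected.
        if not hmac.compare_digest(expected, record["tag"]):
            return None
        return record["user_id"]


def simulate_mixup(store: SessionStore, token_a: str, token_b: str) -> None:
    """Constructed fault: the store hands each token the other token's record."""
    recs = store.records
    recs[token_a], recs[token_b] = recs[token_b], recs[token_a]


if __name__ == "__main__":
    store = SessionStore()
    alice, bob = store.issue("alice"), store.issue("bob")
    print(store.lookup(alice), store.lookup(bob))
    simulate_mixup(store, alice, bob)
    print(store.lookup(alice), store.lookup(bob))
```

With the binding check, a mixed-up record logs the user out instead of showing another customer's data.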
Weirdly, didn’t an AI recently state it could write in COBOL, the near-dead language used by most banks since the ’60s? Not that I imagine it’s used in apps, but it is used in ATMs and backend
Knew this new approach of everyone can use each others app was going to end in tears, it’s been rolled out horribly, the old apps were better