[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 5 November, 2004, 06:47 GMT
Online banking: Breakfast investigates
A viewer told Breakfast about the problem with Cahoot's site
A Breakfast investigation has revealed a major security breach at the Abbey Bank's Cahoot website.

After being contacted by a Breakfast viewer, our reporter Max Foster uncovered a loophole which meant customers could log in to other people's accounts using just a user-name and bypassing any security information.

What you told Breakfast
The man from Cahoot says you'd have to tell someone your'difficult' security ID to someone before accounts could be accessed. My Cahoot ID is my name. Is this 'difficult'? I'm not so sure.

The site was closed down temporarily and made safe by Cahoot yesterday.

This major security breach was exposed when a Cahoot customer contacted BBC Breakfast.

He said he'd stumbled upon a way of getting into his account with just his username. He didn't put in his password and he skipped through the other security questions.
Breakfast's Max Foster
Max Foster investigates online banking

Our reporter Max Foster tried the same process on a friend's computer - and found he could access her Cahoot account details, too.

When Cahoot was informed yesterday, they closed the site down temporarily.

Engineers worked late into the night and tracked the loophole down to a system upgrade 12 days ago.

The company has apologised and added that if hackers had discovered the flaw they wouldn't have been able to move money between accounts.

How safe is online banking?

  • We talked to the head of Cahoot, Tim Sawyer.

    Tim Sawyer of Cahoot
    Cahoot says money could not have been moved from accounts
    "This was a serious matter, but for someone to get access to another Cahoot customer account, they would have needed the secure ID," he told Breakfast.

    "Even then a fraudster could not have done any financial transactions. "

    The glitch happened when Cahoot updated its software 12 days ago, he said:

    "We have done a complete review of the site and we are confident there are no other issues."

  • Breakfast talked to Sandra Quinn of the bank clearing service APACS.

    "The good news is is that there's nothing to worry about, " she told us. "Cahoot did the right thing. They closed down the site and made sure that the problem was fixed."

  • How to avoid online fraud

    The biggest threat to your online bank account is replying to a fake e-mail, according to Ken Clayton of internet security firm Ref Tech Services.

    You should never give your bank details in an e-mail, any more than you'd hand over your house keys to a stranger.

    And, you should never follow a link to a bank from an e-mail, in case it's a fake website.

    Cahoot security
    Breakfast's Max Foster investigates a viewer's complaint

    The trouble with online banking
    Max Foster explains his investigation

    Cahoot's response
    We brought the head of Cahoot Tim Sawyer into the Breakfast studio

    BBC Breakfast


    Your Comments
    12 Aug 04 |  Breakfast


    News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
    UK | Business | Entertainment | Science/Nature | Technology | Health
    Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
    Americas Africa Europe Middle East South Asia Asia Pacific