Slashdot Mirror

← Back to Stories (view on slashdot.org)

Danish Bank Leaves Server In Debug Mode, Exposes Sensitive Data In JS Comments

Posted by Soulskill on Wednesday October 7, 2015 @03:52AM from the in-the-case-of-face-v.-palm dept.

An anonymous reader writes: Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark's biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal's JavaScript files. The data contained client IP addresses, user agent strings, cookie information, details about the bank's internal IT network, and more. He contacted the bank, who fixed the issue, but later denied it ever happened.

1 of 41 comments (clear)

Min score:

Reason:

Sort:

They didn't deny it happened, just that it was bad by xxxJonBoyxxx · 2015-10-07 03:57 · Score: 4, Insightful

From TFA, the bank wrote "We investigated your report immediately. However, the data you saw was not real customer sessions or data – just some debug information. Our developers corrected this later that day."
Sounds like a lot of crying over nothing. The bank acknowledged and fixed the problem. Winning, right?