Posted by William Charles on February 22, 2018

[Confirmed & “Resolved”] Reports Of Significant Security Issue With Accounts At Chase

Update: Chase has confirmed that this was indeed an issue and it has been fixed.

  • We’re still investigating now, but at this point believe it was extremely limited in scope – Trish Wexler, spokesperson for JPMorgan

Wexler also went on to say that they know of no unauthorized transactions but would work with any customers to resolve any problems. It should be noted, however, that there are reports of unauthorized transactions on the accounts of people who also logged in and saw somebody else’s account (see the original Reddit post); this is contrary to the Chase statement.

There are some concerning reports coming out from customers with deposit accounts at Chase (it seems not to be limited to deposit accounts). To summarize the issue: a number of people have logged into their accounts as normal, only to find that they have been logged into an entirely different person’s account (somebody they have no relation to). To make matters worse, it seems that when you’re logged into somebody else’s account you’re able to make transfers and access other information. Some people have reported that they have logged into their own accounts only to find that unauthorized transactions have been made.

Reports first started to come in on Reddit’s personal finance subreddit, but Boarding Area blogger Fly and Dine has also reported the same issue. It seems that this might be a caching-related issue (something similar happened to Steam) and that one of the causes is actually logging in, so I’d recommend that all readers avoid logging into their Chase accounts for now (although keep in mind that’s speculation at this stage). We’ve reached out to Chase for comment.

Additional reports/datapoints:

If you were affected, please share your story in the comments.




So resetting password would not help then? Never heard of this before.

This issue, while concerning, looks to be an internal human mistake as opposed to an external attack trying to drain accounts.

Mainly because it’s not limited to Windows/iOS/Android systems or devices and because it is not just PW, it’s also Biometrics (fingerprints/faces/irises), as well as not just browser or app limited, it seems to be too widespread to be exploits based on the Spectre / Meltdown CPU hardware exploits.

In the unlikely event it was a targeted attack, hopefully, we have not agreed to some onerous arbitration clause in the TOS.

No direct/indirect relation to J.P Morgan,
Other than we have accounts for the bonuses and reward points.

I’ve not done bill pays or Zelle with Chase account but it did seem to take 1-2 business days to connect to external deposit accts. And the made and reversed micro transactions.

If this was a Caching issue similar to the Steam event mentioned above, it minimizes and helps mitigate theft of funds (not necessarily the headache or hassle from freezes/ denied payments, etc.)

Pretty much it sounds like Chase customers are redirected to other Chase customer accounts, as opposed to targeted theft issues of card skimmers, key loggers, malware, and identity theft.

So I’m less concerned (even with $15k in savings for the Chase bonus). As the great majority of Chase customers are honest law-abiding people, those Chase members that are thieves or stupid people that are opportunists, more than likely will get caught.

Chase is required to “Know your customer” so for the majority of account holders they have DL, SSN, mailing address, possibly IP address, etc, and since this issue seems to be more an issue of one Chase customer sent to another Chase customer’s account, and all electronic transfers in/out IP addresses and acct# are recorded on both ends.

It may expose dishonest people, who attempt to transfer or spend money that is obviously not their money, like spending/withdrawing money deposited by accident into your account (and you have no plausible reason to believe or prove you did, “I was expecting an inheritance/settlement/payment” and can show proof).

I’m actually far more worried about the Equifax breach. ID theft and damaged credit can be incredibly difficult and time-consuming to repair and remedy.

If this is a caching issue, two-factor authentication would not help.

Well that’s potentially horrible. I had trouble logging in yesterday as it said I had exceeded the amount of times I could log in with my temporary password (I was using my regular pw). I had to call them to log in, but the CSR seemed to think it was just an issue of still having a business login with no open business account. Transactions all looked normal once I got in.

I, too, had trouble logging in yesterday.. wow, that could potentially be insane

wow…this could be really bad

Chase rejected a $400 online purchase I made today as possible fraud. I’ve made similar purchases without issue, so now I’m betting it was related to this.

Maybe Chase will get off their arrogant high horse now…

Ehh probably not. Actually, definitely not. Nothing, as usual, will change due to this security breach.

Fellow readers: what are you gonna do about it? Oh yea nothing. That’s just how chase likes it.

Is this issue related to 5/24? Apparently there is a causational relation b/w these 2. Before 5/24 was invented, there had not been such horrible things.

If anyone gets my account on accident, feel free to use the portal for any purchases.

Gonna use your UR points for… Amazon purchases! Muhhaha!

The fact that this problem is technically possible in the first place is extremely alarming.

Tell me one thing: Why on Earth didn’t they shut down all access already, when they first found this out? Or are Chase IT still oblivious to the problem? ARE CSRs not flagging it?

Exactly… it’s not like they aren’t doing routine maintenance anyway. Just pull the site and fix the problem, Chase.

I had something different weird happen to me. Got an iOS notification from Chase app saying they can’t email or text me, log in and check in. When I logged in on desktop I reached my account but my email address had been changed to be one letter off. (Actually an added number). I changed it back. No clue why this happened tonight randomly.

Michael,

This is a big issue. That means someone else created a separate but similar email address for your account. They removed your other contact information to prevent you from resetting your password (as these are the secondary authentication/verification). I’d be extremely cautious with your account.

Good luck

Someone was trying to steal your account and make it impossible for you to recover. That is extremely alarming.

That happened to me with a Hilton account. Luckily the fake email had been shut down by Google. It could be completely unrelated, or scammer knowing if the issue is doing that to whatever accounts they are accidentally logged into. It might not be your only account this has happened to. I’d check all your other financial and award program accounts as well.

THANKS… calling the bank and not using my mobile app!! So grateful for heads up… Jesus and I, both, love you guys.😉

I tried to log in right now with my mobile app (ipad) and I was able to access my account. Hopefully this is fixed now. But the fact that a security issue like this happened to Chase, it is incredibly upsetting.

And I’m out of the country. Dammit!

Delayed karma for Chase. This won’t be pretty.

my normal password stopped working about 5 days ago, just did the 25k savings n checking lol, hey Jamie Dimon…tell me how cryptocurrency is full of fraud again plz

logged in and found a fraudulent transaction in checking account from a Capital One mobile payment. we don’t have Capital One and couldn’t initiate a mobile payment. fraud team suggest we close account.