Fiserv Inc., a US-based firm that provides technology services to financial institutions, has just fixed a flaw in its web platform that exposed the personal and financial data of an unknown number of customers.

According to KrebsOnSecurity, the flaw exposed the personal and financial data of countless customers across hundreds of bank websites.

Security researcher Kristian Erik Hermansen discovered the flaw when he logged in to an account at a tiny local bank that uses the Fiserv platform and signed up to get email alerts whenever a new transaction happens. The site assigned his alert an ‘event number.’ By changing the site’s code in his browser and requesting the same page again with a different event number, the researcher was able to view and edit alerts set up by other customers. He was able to view and edit a customer’s email address, phone number and full bank account number. An attacker could use this flaw to change or delete a customer’s phone number or email address and redirect the alerts to themselves.

“I shouldn’t be able to see this data. Anytime you spend money, that should be a private transaction between you and your bank, not available for everyone else to see,” said Hermansen.

KrebsOnSecurity author Brian Krebs and Kristian Erik Hermansen worked together to find out whether the flaw affected other banks that use the Fiserv platform, and discovered that hundreds of other bank websites were also vulnerable. The researchers notified the company about the issue, and it was patched immediately.

“After receiving your email, we promptly engaged appropriate resources and worked around the clock to research and remediate the situation. We developed a security patch within 24 hours of receiving notification and deployed the patch to clients that utilize a hosted version of the solution. We will be deploying the patch this evening to clients that utilize an in-house version of the solution,” said a Fiserv spokesperson.
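The access-control failure described above, where an alert could be viewed or edited by anyone who supplied its event number, is sketched below as an added example (not from the original article and not Fiserv's code). The in-memory store, function names and sample records are constructed for illustration; the checked versions bind every read and edit to the logged-in user, and the last function is a regression check a team could run against either lookup.

```python
class Forbidden(Exception):
    """Raised when the session user may not touch the requested alert."""

# Constructed sample records keyed by event number (not real customer data).
ALERTS = {
    1001: {"owner": "alice", "email": "alice@example.com", "phone": "555-0100", "account": "000111222"},
    1002: {"owner": "bob", "email": "bob@example.com", "phone": "555-0101", "account": "000333444"},
}

def get_alert_unchecked(session_user, event_number):
    """Flawed pattern: any logged-in user receives whatever record the number names."""
    return ALERTS[event_number]

def get_alert_checked(session_user, event_number):
    """Hardened lookup: the record must belong to the authenticated session user."""
    alert = ALERTS.get(event_number)
    # Same error for "missing" and "not yours", so replies do not confirm valid numbers.
    if alert is None or alert["owner"] != session_user:
        raise Forbidden("alert not found")
    return alert

def update_alert_checked(session_user, event_number, email=None, phone=None):
    """Edits pass through the same ownership check as reads."""
    alert = get_alert_checked(session_user, event_number)
    if email is not None:
        alert["email"] = email
    if phone is not None:
        alert["phone"] = phone
    return alert

def cross_owner_reads(users, getter):
    """Regression check: (user, event_number) pairs where a user reads another's alert."""
    leaks = []
    for user in users:
        for number, alert in ALERTS.items():
            if alert["owner"] == user:
                continue
            try:
                getter(user, number)
                leaks.append((user, number))
            except Forbidden:
                pass
    return leaks
```
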