
Cahoot plugs security glitch

OUT-LAW News, 08/11/2004

On-line bank cahoot has apologised for a security glitch that could have allowed customers to view the details of other users' bank accounts. The British bank's web site was closed for 10 hours on Thursday to allow repairs to be made.

The fault allowed users to access the account details of other customers simply by guessing their user names, according to reports, and has been traced to a security upgrade that took place two weeks ago.

The problem, which was not identified until 4th November, was fixed immediately, said cahoot, a subsidiary of Abbey National.

In a statement on its site, the bank explained:

"Whilst we take this issue very seriously, we would like to reassure you that at no stage would anybody have been able to get access to your money and no money was lost as a result. The security of cahoot's web site is tested regularly and we are reviewing our processes to prevent anything similar happening in the future. We are really very sorry about this and hope that you will accept our reassurance that the site is now fully secure."

According to Vik Desai, CEO of security firm Kavado, this security breach could easily have been prevented by installing web application firewalls which prevent applications allowing unauthorised access, even in the event of the IT department making a mistake.

In this instance, according to Desai, the technology would have prevented access to account details without the user name and password being supplied, and would also have alerted the bank to the security problem in the system upgrade.

Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.