Fiserv, Inc., a major provider of technology services to financial institutions, exposed personal and financial details of countless customers across hundreds of bank Web sites.
Two weeks ago it was discovered something curious while logged in to an account at a tiny local bank that uses.
Hermansen had signed up to get email alerts any time a new transaction posted to his account, and he noticed the site assigned his alert a specific “event number.”
He could view and edit alerts previously set up by another bank customer, and could see that customer’s email address, phone number and full bank account number.
Hermansen said a cybercriminal could abuse this access to enumerate all other accounts with activity alerts on file, and to add or delete phone numbers or email addresses to receive alerts about account transactions.
It would allow any customer of the bank to spy on the daily transaction activity of other customers, and perhaps even target customers who signed up for high minimum balance alerts.
Fiserv declined to say exactly how many financial institutions may have been impacted overall.
The weakness in Fiserv’s platform is what’s known as an “information disclosure” vulnerability.
Source: https://krebsonsecurity.com/2018/08/fiserv-flaw-exposed-customer-data-at-hundreds-of-banks/
TPRM report: https://scoringcyber.rankiteo.com/company/fiserv
"id": "fis21197922",
"linkid": "fiserv",
"type": "Vulnerability",
"date": "08/2018",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Financial Services',
                        'name': 'Fiserv, Inc.',
                        'type': 'Technology Services Provider'}],
 'attack_vector': 'Web Application',
 'data_breach': {'personally_identifiable_information': ['email addresses',
                                                         'phone numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['email addresses',
                                              'phone numbers',
                                              'full bank account numbers']},
 'description': 'Fiserv, Inc., a major provider of technology services to '
                'financial institutions, exposed personal and financial '
                'details of countless customers across hundreds of bank '
                'websites. A vulnerability allowed users to view and edit '
                'alerts set up by other bank customers, exposing sensitive '
                'information such as email addresses, phone numbers, and full '
                'bank account numbers.',
 'impact': {'data_compromised': ['email addresses',
                                 'phone numbers',
                                 'full bank account numbers']},
 'references': [{'source': 'Krebs on Security'}],
 'title': 'Fiserv Information Disclosure Vulnerability',
 'type': 'Information Disclosure',
 'vulnerability_exploited': 'Information Disclosure'}