Ax Sharma reports:
Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers.
[…]
The issue is believed to have lasted between May 24th and July 14th this year, and impacted both online banking and Chase Mobile app customers who shared similar information.
Read more on BleepingComputer, but it’s not really clear what they mean by customers who share “similar information.” What does that mean? And did that leakage still occur for customers who use 2FA or MFA? If so, how could that be?
Full disclosure: Chase is one of the banks I use. I have not received any notification — at least so far.