David Eade is a web developer and web security consultant, based in Billingshurst, West Sussex, UK. Most security vulnerabilities are privately reported to the respective vendor. This blog includes only publicly disclosed issues.
Customers could log in to other people's accounts using just a user-name and bypassing any security information.
5 November 2004
David Eade exposed a security loophole allowing cahoot customers to access other people's accounts without a password. Customers could log in to other people's accounts using just a user-name and bypassing any security information. The cahoot website, run by Abbey bank, was closed down for 10 hours to carry out urgent repairs. Tim Sawyer, head of Cahoot bank, said it needed to learn lessons from the security breach.
"A Breakfast investigation has revealed a major security breach at the Abbey Bank's Cahoot website."
"A security loophole at internet bank Cahoot briefly allowed customers to access other people's accounts, a BBC investigation has revealed."
David Eade was interviewed for BBC Breakfast regarding the Cahoot security loophole.
"The cahoot website is littered with reassuring messages about its security policy but, as one of our viewers pointed out, the claims were questionable..."
"A major Internet bank had to close for 10 hours after it was discovered that customers' accounts could be accessed without a password. Cahoot, run by Abbey, has apologised for the loophole in security. Max Foster reports..."
Several newspapers reported the Cahoot security loophole. David Eade is not responsible for the content of these articles or external sites.