I’ve just done a bit of a test of how easy it is to access my personal data. The premise for the test is that someone has access to my email (I know lots of people who use the same password everywhere, it only takes one site with poor security).
Assuming access to my email, Monzo can be logged into. While an attacker couldn’t take any of my money means they do have access to my:
- Account number and sort code for this and other accounts (some mine, some not)
- Phone number
- Transaction history
- A degree of location history
This seems like a lot of information to have behind single factor authentication. Particularly an authentication method so many people are lax about.
Does anyone else think that this is concerning?