I’d be curious to know how/why this only affects some accounts. Was it only logs from certain services that erroneously didn’t strip the PIN? How long has the issue existed?
Yes, that’s right, only two features were affected by this issue:
I’ve cancelled a standing order but haven’t had a message
We’re just about to start emailing people now
I’m now very curious as to why these services didn’t strip the PIN’s (though standing orders haven’t supported biometric auth on Android since it was introduced, so I have a feeling it hasn’t been touched since being implemented)…
Just got this email… instantly thought it was a scam!
I feel emailing customers this info isn’t the best way specially knowing how many scammy banking emails are sent daily…
I reported it to Customer Services before checking the blog… but seems its real… maybe an app notification would be better next time…
They’re asking you to change your PIN at an atm, what kind of scam would that be?
I too received this and it was in my spam. Should I have not seen this thread (like a huge portion of customers won’t) I wouldn’t have known.
Not at all bothered about the security issue by the way and I appreciate the transparency but just better notification needed
I think an in-app notification would be a pretty good idea, how many people really check their emails, perhaps do both?
I thought the same actually but coming to the community was my way of checking.
I’ve got no issue with the way Monzo have handled this otherwise. Things go wrong sometimes, at least they’re putting it right instead of brushing it under the carpet.
I’ve done neither of these, but i still got the email. Updating app is easy, but going to a cash point, man thats a ballache. Did this affect join account or solo accounts or both?
Thanks for the update I just changed my pin to 5947
A feed item would also be a really good idea. That way even if you miss both you’d notice that when you next open the app.
Agreed, especially for something like this
This is not good. I don’t want to change my PIN because someone at Monzo has made a mistake.
I’ve kept my side of keeping things safe doesn’t sound like Monzo have.
I’m sure a few will disagree but I’m not the one who has done anything incorrect here.
If I don’t change my pin and there is fraud is that called negligence, because the log files are encrypted and only some monzo staff may have seen it?
That’s an interesting question. It definitely seems reasonable to take the risk given the extremely low likelihood of anything bad happening (and the fact that any problems would be ‘on Monzo’). I doubt Monzo would support this, but then you wonder why resetting your PIN couldn’t be enforced?
I’ve seen lots of voluntary password and PIN resets in the past and never thought about this until now.
Ok… everyone in my family has just called me to ask if this email is a scam