We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly

The post literally said that a) they were encrypted and b) access was incredibly limited. Monzo is apologising here for doing something that other banks accept as standard.

Ugh. This is so annoying.

I might have missed it?
Is it just personal accounts or joint ones as well?

Both

My App will not update so I have withdrawn my money.

You may be on the latest app version already

‘monzoemail.com’ ? what the?

They legally have to and it’s not like they’re trying to cover it up

They’ve been using that address for a while.

image750×1284 341 KB

Just wait for the clickbait that make it look like everyone’s passport scans are in a pastebin dump

I got the email, but it was in my junk - not sure if that’s just a problem with my emails, but there’s potential for people to miss it if they’re not checking for it in their junk like I was

I’m sure this will come across as sarcastic (it’s not meant to be), but you really have to give it to Monzo for cultivating the type of user it has.

I mean, if any other bank had done this (the actual Micky Mouse issue, followed by a spam look a like email), there would quite literally be uproar from the vast majority of people.

But somehow… The response is “ah, don’t worry… Thanks for the heads up”…

All of this “other banks wouldn’t do that” talk is quickly becoming a thing of the past…

Constant issues with the banking services and now a major security problem - If anything, Monzo have truly arrived as a high street bank now.

never knew this. Login emails are sent from ‘monzomail.com’ - Rarely get any newsletters from Monzo, so never seen the other domain before.

monzoemail.com is an official domain:

Constant?

It’s possible they sent it to other users merely as a security precaution. I have no problem with them being overly cautious.

They really should send emails from Monzo.com. Bit stupid to constantly preach about being user friendly etc and then send emails from a domain that stinks of fraud until you check it’s legit.

Got the email too & instantly thought it could be click bait. I agree about the notification via the app.
Curious as to how this was only picked up on Friday 2nd… did this happen on this day or has our PIN’s been exposed for a while?

https://click.news-alerts.ft.com/f/content-f4f1f00a-b78a-11e9-8a88-aa6628ac896c/Gu768Eh8VRugHD2Dn1NupQ~~/AAAAAQA~/RgRfKr_GP0SjaHR0cHM6Ly93d3cuZnQuY29tL2NvbnRlbnQvZjRmMWYwMGEtYjc4YS0xMWU5LThhODgtYWE2NjI4YWM4OTZjP2Rlc2t0b3A9dHJ1ZSZzZWdtZW50SWQ9ZDhkM2UzNjQtNTE5Ny0yMGViLTE3Y2YtMjQzNzg0MWQxNzhhI215ZnQ6bm90aWZpY2F0aW9uOmluc3RhbnQtZW1haWw6Y29udGVudFcIZmludGltZXNCCgAlxjpIXV2BnhJSF2tlaXJhbmNvcmJldHRAZ21haWwuY29tWAQAAAAA

FT article about it.

I saw some people mention limited access - if one person used it maliciously what does it matter how limited it is?

Monzo would literally not have a clue what someone’s intentions are…