We’ve fixed an issue that meant we weren’t storing some customers’ PINs correctly

Try deleting the app and reinstalling it.

Thanks, that worked :upside_down_face:

1 Like

Can you please ask your tech teams to confirm whether this was caused by some sort of debugging code in case the PIN doesn’t use the HSM command correctly?
Also, can they please confirm that:

  1. Monzo is using an HSM for all card security operations including PIN, CVVs, PIN scripts etc.
  2. Monzo is also using the HSM to verify the PIN that the cardholder supplies for mobile app authentication purposes
  3. The cards system and the app system are separate and each uses a different connection to the HSM.

Excuse the technical jargon, your team should be able to handle it :slight_smile:

Someone with the kind of access that developers often have (even with auditing, which is never perfect) doesn’t need a PIN to do anything… they can just bypass things like that - and indeed sometimes have to for testing (and yes, you sometimes have to test on a copy of the live data to reproduce problems). That’s why they’re vetted, and paid enough so that they have too much to lose by even trying anything bad (aside from the obvious risk of jail time).

If Monzo reckon the only people that saw the pins were a few developers I’m not concerned at all. It was a stupid error… that someone thought that logging something like that was OK, but no harm done.

2 Likes

Yikes, this comes across as a little condescending…

14 Likes

I’ll donate a pound to an anti-condescension charity, as soon as Monzo confirms they’re as secure as boring banks who use data centres and hardware encryption and such.

They’re valid questions. The final line just wasn’t needed.

2 Likes

I read it more as clarification after someone picked him up earlier for using jargon.

:exploding_head:

What if someone had gained unauthorised access to Monzo’s systems? The fact the PINs appeared in the log at all is a worry!

2 Likes

So do I need to change my PIN or not?

CS time frame - Okay, we’ll find someone to help you and let you know when they’re here. The current wait time is 2 hours.

I guess the logging was for a non-PRD env (for dev and UAT) and when the service went live, the additional logging wasn’t disabled.

edit :yum: :
PRD = Production
env = environment
dev = development
UAT = User acceptance testing

1 Like

No, Monzo’s systems were not breached, and just because the developers can see the data it does not mean anyone else can.

Developers generally have very wide access to view data but that access is restricted to them and specific programs. It’s just certain data would be further restricted.

If you got the email you should change your PIN and make sure you’re on the latest app version

1 Like

I didn’t suggest anyone had breached their systems?!

Monzo has admitted that engineers had access to log files that wrongly contained PINs. That’s what this entire thread is about. Why you feel the need to minimise this issue is beyond me.

The PINs shouldn’t have been in those log files, full stop.

3 Likes

I can’t give fully detailed answers to all your questions for various reasons but I can say the following:

  1. lots of banks store PINs using two-way, rather than one-way encryption. Any bank that can tell you what your PIN is isn’t hashing it and certainly some of the UK high street banks can bring your PIN up on screen in the branch
  2. anyone who has worked in IT/development for a bank for a couple of years would be able to name at least a few embarrassing incidents where their colleagues had stored stuff in places they shouldn’t. Remember that a large chunk of the software development staff for UK banks are contractors who stay in the role for only 6-9 months (often less)
  3. unless I mistyped something I don’t think I ever said the PIN wasn’t viewable by a human. It seems that a small set of Monzo employees had access to a log that included some PINs for the past 6 months or so. Of course these same developers could probably just grab your encrypted PIN out of the database and decrypt it if they wanted to anyway
  4. I’d be pretty confident that Monzo don’t have to publicly declare that they’ve stored your data somewhere where they didn’t intend to store it. There hasn’t been a data breach. There might be a breach of PCI codes, I’ve not checked and it’s been a few years since I’ve worked with them, but I don’t think any form of public declaration is required.

My personal guess would be that the PIN was never deliberately expressly logged, it was likely more a side effect of something else, like logging all of the inputs to a particular method or dumping the whole stack of a microservice.

2 Likes
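The mechanism the post above speculates about (a debugging helper that logs every input to a method) is easy to reproduce, as is a defender-side mitigation: a logger-level filter that scrubs sensitive fields from every record before any handler writes it. This is an added example, not Monzo’s code; the field names, the PIN format, the `verify_pin` stub and the sample card id are all assumptions.

```python
"""Added example (not Monzo's code): a "log all inputs" decorator leaking a
PIN, and a logging.Filter that redacts PIN/CVV-like fields before they reach
a handler. Field names, PIN format and the verify_pin stub are assumptions."""
import functools
import json
import logging
import re

# Assumption: a pin/cvv-like label followed by up to four non-word characters
# (e.g. '": "') and a 4-6 digit value is a card secret and must be masked.
PIN_PATTERN = re.compile(r"((?:pin|cvv)[a-z_]*\W{1,4})\d{4,6}", re.I)


class RedactingFilter(logging.Filter):
    """Format the record early, scrub it, and blank args so handlers only see clean text."""
    def filter(self, record):
        record.msg = PIN_PATTERN.sub(r"\1[REDACTED]", record.getMessage())
        record.args = ()
        return True


def log_inputs(logger):
    """The risky debugging helper: dumps every keyword argument of a call."""
    def deco(fn):
        @functools.wraps(fn)
        def wrapper(**kwargs):
            logger.info("%s called with %s", fn.__name__, json.dumps(kwargs))
            return fn(**kwargs)
        return wrapper
    return deco


def run_verify(use_filter):
    """Call a stub verify_pin through log_inputs; return the log lines emitted."""
    logger = logging.getLogger(f"demo.redact.{use_filter}")
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    logger.filters.clear()
    lines = []
    handler = logging.Handler()
    handler.emit = lambda rec: lines.append(rec.getMessage())  # capture instead of writing
    logger.addHandler(handler)
    if use_filter:
        logger.addFilter(RedactingFilter())  # logger-level: applies to every record

    @log_inputs(logger)
    def verify_pin(card_id, pin):
        return len(pin) == 4  # stub only; real PIN verification belongs in the HSM

    verify_pin(card_id="card-0001", pin="1234")  # constructed sample input
    return lines
```

Without the filter the log line carries the plaintext PIN; with it, the same debugging helper emits `"pin": "[REDACTED]"` while the rest of the record is untouched.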

I suppose the point I’m trying to get across is that the PINs were stored in a log where they weren’t supposed to be. (We don’t know how that came about yet but I would hazard a guess it’s another development issue that has been allowed to slip through into production.)

Some people were able to view these logs. The fact they happen to be engineers is neither here nor there - they weren’t supposed to be able to see the PINs that had been incorrectly stored in there.

Perhaps Monzo and its customers have been fortunate in that the PINs were accessible by a small number of engineers. What if they had been viewable by a larger number of staff? Not engineers? What if the systems had been compromised by a malicious actor? It’s sheer fluke that the risk factor isn’t a lot higher.

For me it highlights yet again that Monzo really need to tighten up their processes. We haven’t even had the post mortem from the last major incident caused by human error!

2 Likes

No, but you suggested unauthorised access, and this isn’t what has happened here; just because someone could get access, it doesn’t automatically follow that they could access the data in any case.

My impression is the access was limited to the developers and that doesn’t mean all of them necessarily.

Security would be a layered approach. Just like a castle, just because you get through the front door, doesn’t mean you get the crown jewels.

I’m downplaying it because nothing I’ve read from Monzo suggests the level of concern raised by some imo. It’s serious hence they’ve asked people to change their pin and they’ve notified the relevant regulators. It doesn’t suggest the information was compromised to anyone that doesn’t already work within the bank. And bank staff already have significant accounting controls.

Finally, people who work in finance are heavily vetted and checked for criminal records, financial fraud, financial problems e.g. bankruptcy etc.

2 Likes

Aren’t those two slightly counter to one another?

The details did not go further because they only went into an encrypted log that only a few people with high privileges could see

That’s not a fluke and there was no luck that it did not spill onto the internet

On another day those same restrictions - “processes” even - would similarly apply

I agree with you that it’s a bad mistake and should be avoided, but don’t like the potential implication that only luck stopped a worse issue

2 Likes

As previously mentioned, it’s not a sheer fluke, and Dan, that’s a pretty inflammatory thing to say that will only serve to panic people when it’s nothing of the sort.

It was encrypted data that could only be decrypted by the software developers.

While I’m sympathetic to your point I think you have to acknowledge what others are saying here too. It is the good processes put in place by Monzo that ensured that the logs were encrypted and had restricted access.

I’m sure that, off the back of this, processes will improve. You can’t take occasional mistakes as a sign of bad processes; it sounds like you think process can remove all scope for human error, which it cannot. The only way to avoid any risk of issues is to never set up a bank (or any business) in the first place.

Again, Monzo get stung by being transparent about how businesses work whereas other businesses make far more mistakes and simply cover them up.

2 Likes