My browser stored someone else's online bank account login details
I often use the hungarian OTP bank online bank service nly on my personal macbook. Nobody else uses my comp. Last time when I tried to log in, the username and the account number (these are login data) were not mine! These werent a fake numbers, these were someone else's login details. The password field is always empty and at first glance I did not realize this fake numbers, I just typed my password and the login was unsuccesfull. When I checked the account number I realized these were unknown numbers, not mine. How does it happen?
Additional System Details
- User Agent: Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53
Are you sure someone else did no use your Mac? Family, friend, roommate? Do you have a password on your Mac?
This is my personal MacBook Pro and nobody uses it, my family members do not have account at OTP Bank, only I have. I have not noticed any other suspicious activity on my computer. Because this is mine I do not use any admin passwords. Unfortunatelly I did not notice that account number, I should have had to. :( Now I have nothing to prove this.
Modified by Csikitimi
Do you have Firefox (or another password manager) fill in your logins? I'm guessing not if you have to type your password.
So my guess is that the content of the field came from the site. Usually that would be based on information in a cookie that Firefox sent the site. The cookie probably would have contained a personal or session identifier and not your actual account number.
Usually servers are good at session management and don't mix them up, but on rare occasions server malfunctions happen and you get data from someone else's session. That once happened to me on a hotel reservation site, where I got a screen of someone else's name, address, and payment information. Needless to say, I booked through a different site!
I don't know whether that is what happened to you, or something more sinister.
If you want to see what cookies the site has set, if you return to any page on the site, you can call up its cookies using one of these methods:
- right-click and choose View Page Info > Security > "View Cookies"
- (menu bar) Tools menu > Page Info > Security > "View Cookies"
- click the padlock icon in the address bar > More Information > "View Cookies"
When you select a cookie in the list, its contents are shown in the lower part of the dialog.
The Firefox automatically fills 2 from the 3 fields. These are my ID number (6 numeric caracters) and my bank account number (24 numeric caracters). The third field is the password and because of this is an online bank website Mozilla does not keep it and I never let do. I always have to type the password. At first try I did not realized that the ID and the account number were not mine - I just typed my password as always do. But there was an error message about the incorrect login data. Then I checked and realized those were not my login data. I never use the this online bank from public internet or guest wifi.
Modified by Csikitimi
IMO, you should contact your back about this issue immediately.
If there is absolutely no way that the other ID number and the other account number got into your Firefox installation via someone else using your computer, IMO that indicates one other source for that data - your banks website leaking user data to other users.
Hi Csikitimi, Please do contact the bank as edmeister mentioned. If they do not respond you can find the exact timestamp that the incorrect login was accessed in the time stamp of the cookies that jscher mentioned how to do.
Are these timestamps between the two times you accessed the site and there is a technical way you can access the ip where is was accessed from.
From the add on SQLite Manager, open up the file in your profile called formhistory.sqlite. From there click on the left moz_formhistory. Click on Show all, and you will see when the fieldname or username was first accessed. There will be a number in this format: 1398363304669000 to convert it , use this tool http://www.silisoftware.com/tools/date.php the conversion type should be microsoft. You may need to change it until the date makes sense. If it was only accessed once, the last accessed time field may be better.