New reports are surfacing that N26, the German FinTech company formerly known as Number26, may have security holes in its mobile-only banking product.
According to Reuters, a security researcher discovered that the bank’s mobile apps expose users to the threat of account hijacking. The bank, which has quickly expanded and grown in popularity since launching in 2015, has gained the support of major global investors, including Silicon Valley’s Peter Thiel.
Research fellow and PhD student Vincent Haupert, who studies in the computer science department at the University of Erlangen-Nuernberg, told the Chaos Communications Congress in Hamburg that N26’s security is full of vulnerabilities that could potentially be used to defraud thousands customers.
“They say you can open a bank account in just eight minutes,” Haupert said. “As it turns out, you can lose it even faster.”
Haupert and his colleagues revealed numerous ways in which they were able to attack N26 banking apps in order to takeover individual customer accounts.
“With such a strategy, FinTechs squander the trust that banks established over years,” he explained.
In response, N26 thanked Haupert for bringing “a theoretical security vulnerability” to its attention and confirmed that it completed the suggested security fixes this month.
“At no time during these scenarios was personal data of our customers available to third parties,” a statement from N26 said. “No N26 customer was impacted by the demonstrated vulnerabilities.”
It continued: “We have fully addressed and closed all vulnerabilities promptly and completely,” and quoted Haupert as saying earlier this month that all vulnerabilities he had uncovered appeared to have been fixed.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More