A number of JPMorgan Chase customers' accounts were exposed after a "glitch" briefly gave some clients access to other people's online accounts instead of their own. The issue was first reported by Fly & Dine after one of the writers' fiancé tried logging into their online bank account but instead gained access to the account of a random other client in New Jersey.
"We could see his credit cards, his login details, his addresses, his phone numbers, and every other piece of sensitive information that's lurking in your online bank account," Jason Kessler wrote. The couple notified Chase of the error and were told by a customer service representative that other people have been calling in all day reporting similar issues.
Multiple irked customers also took to Twitter and Reddit to complain about the glitch that seemed to affect users of both the Chase.com website and the bank's mobile app.
"I logged into the online banking system using my own account information and the Chase system instead logged me into an entirely different person's account, a person I have no knowledge of," one Reddit user reported. "When I logged out of the account, and logged in again using the same account info, I was then able to access my own account.
One customer said they only noticed the error when they saw the credit card balance was less than $100.
"I thought maybe they updated the site and was using a sample screen to show new features but I clicked around in the profile settings and saw a different name and email," the user wrote.
Users said they were able to view a trove of confidential, financial information within other people's accounts including their checking, savings and credit card account details, balances and other personal data.
The problem affected "a pretty limited number of customers" attempting to login between 6:30 pm and 9:00 pm EST on Wednesday before it was resolved, the company said.
Company spokeswoman Patricia Wexler said JPMorgan has not yet received any reports of malicious money transfers made as a result of the glitch so far, but will work with customers if such a case does pop up.
"We know for sure the glitch was on our end, not from a malicious actor," Wexler told cybersecurity expert Brian Krebs. "We're going through Tweets from customers and making sure that if anyone is calling us with issues we're working one on one with customers. If you see suspicious activity you should give us a call."
She said the incident was caused by a technical glitch, and was not the result of a hack. The bank is still trying to determine how many customers were affected by the glitch.
"This was all on our side," Wexler noted. "I don't know what did happen yet but I know what didn't happen. What happened last night was 100 percent not the result of anything malicious."
IBTimes UK has reached out to JPMorgan Chase for further comment.