I want to tell you about how one of the largest banks looks after the protection of personal data and complies with the law on banking secrecy.
So, straight to the point. There is a page on the Privatbank site where agents or employees of Privat can view the history of submitted applications. What do you need to log in? The employee or agent enters a mobile phone number, taxpayer identification number, passport number, or ... each employee has an LDAP login. Now for the fun part. Not so long ago (when Privat began to cooperate with Skype), Skype was installed for all employees of the bank, and the LDAP login was assigned as the Skype login.
Now suppose I want to see the history of a Privatbank employee's customers; for that I need this login. It is built as follows: first the region code (for Dnepropetrovsk it is dn), then the date of birth, for example 010180, and then the initials of the name, for example iii for an employee named Ivan Ivanovich Ivanov. Putting it all together gives the login dn010180iii.
How do you find a real login? Open the Skype search and look. For example:
Enter the login on the history page and you see the clients as well as their contact details, such as phone numbers:
In one minute of searching you can find several logins:
And of course the question is: why is this data publicly accessible? It remains to be seen how this data can be used by intruders.
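An added example, not code from the original article or from the bank: a small audit a defender could run over an internal account export to flag the weaknesses described above, namely a login that can be rebuilt from personal data, a login reused as a public Skype handle, and a portal that accepts the login alone. The record fields, the finding names and the DDMMYY reading of the date are assumptions; the sample records are constructed.

```python
import re
from dataclasses import dataclass
from datetime import date

# Login layout as described in the article: region code + date of birth + initials.
# Reading "010180" as DDMMYY is an assumption.
LOGIN_RE = re.compile(r"^[a-z]{2}\d{6}[a-z]{3}$")

@dataclass
class Account:              # hypothetical record shape for the audit
    login: str              # internal LDAP login
    region: str             # region code, e.g. "dn"
    born: date
    initials: str           # e.g. "iii"
    public_handles: tuple   # handles visible outside the company (Skype etc.)
    second_factor: bool     # does the portal ask for more than the login?

def derived_login(a: Account) -> str:
    """Login that anyone who knows region, birthday and initials could rebuild."""
    return f"{a.region}{a.born:%d%m%y}{a.initials}".lower()

def audit(a: Account) -> list:
    """Return the findings for one account, in a fixed order."""
    findings = []
    login = a.login.lower()
    if LOGIN_RE.match(login) and login == derived_login(a):
        findings.append("login-derived-from-personal-data")
    if login in (h.lower() for h in a.public_handles):
        findings.append("login-reused-as-public-handle")
    if findings and not a.second_factor:
        findings.append("identifier-is-sole-credential")
    return findings

# Constructed sample records, not real accounts.
SAMPLE = [
    Account("dn010180iii", "dn", date(1980, 1, 1), "iii", ("dn010180iii",), False),
    Account("u-7f3k9q2x", "dn", date(1975, 5, 12), "ppp", ("petro.p",), True),
]

def run(accounts=SAMPLE) -> dict:
    """Map each login to its list of findings."""
    return {a.login: audit(a) for a in accounts}

if __name__ == "__main__":
    for login, findings in run().items():
        print(login, findings or "ok")
```
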
Source © Habrahabr @ Section: Information Security