Deposit products and related services are offered by JPMorgan Chase Bank, N.A. "Chase Private Client" is the brand name for a banking and investment product and service offering, requiring a Chase Private Client Checking account.īank deposit accounts, such as checking and savings, may be subject to approval.
JPMS, CIA and JPMCB are affiliated companies under the common control of JPMorgan Chase & Co. Certain custody and other services are provided by JPMorgan Chase Bank, N.A. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. Annuities are made available through Chase Insurance Agency, Inc. Morgan Securities LLC (JPMS), a registered broker-dealer and investment advisor, member FINRA and SIPC.
Morgan Wealth Management is a business of JPMorgan Chase & Co., which offers investment products and services through J.P. You also earn 5 cash back on travel purchases made through Chase Ultimate Rewards and 3 cash back on dining purchases at restaurants, including takeout and eligible delivery services, and drugstores. Investing involves market risk, including possible loss of principal, and there is no guarantee that investment objectives will be achieved. The Chase Freedom Unlimited credit card awards 1.5 cash back for every 1 spent on all purchases. is a wholly-owned subsidiary of JPMorgan Chase & Co.
NullHumanity said they first brought the issue to the attention of Freedom Mobile on January 30th, but that they were rebuffed by a series of representatives from Shaw’s legal department.“Chase,” “JPMorgan,” “JPMorgan Chase,” the JPMorgan Chase logo and the Octagon Symbol are trademarks of JPMorgan Chase Bank, N.A.
“Their flaw is that phone numbers are widely known and given that I know half of the log-in credential, brute forcing a four-digit PIN is not difficult.” Password versus PIN But phone numbers are easily available,” said Fabricius. In banking, when I do the four digit number I also have my card. “The four-digit PIN is generally combined with something.
Stosh Fabricius, a software engineer at digital payments platform Toronto company Pungle, offered context on how it relates to other industries that use similar four-digit solutions, like banking. Anyone with basic knowledge can do it,” they wrote, adding that they would not share details of their process due to the potential of making more customers vulnerable. NullHumanity reports the process for accessing customer information is overly simple, however. Lakshman also said that Freedom continuously reviews its security practices and is “committed to making improvements and changes as appropriate to continue keeping our customers’ information secure.”įreedom’s security measures, said Lakshman, are designed to protect Freedom Mobile customers’ information from malicious activity while “meeting customer demands for a resonable login process.” We continue to strongly encourage our customers to use unique PIN numbers that are not easy to guess, and to change their PINs frequently to best protect their personal account information.” Are PINs strong enough?įor its part, Freedom Mobile’s vice-president of external affairs, Chethan Lakshman, stated over email: “The security measures we have in place cannot protect against guessing common passwords. Figuring out matching sets can be automated easily,” says NullHumanity. “A phone number is predictable and a 4 digit PIN isn’t secure.
NullHumanity reported that the following data would be available if a hacker accessed a secondary API using the phone number and PIN combo: full name, date of birth, address, email, phone number, full call history and billing history. They believe it would be possible to target as many as 350,000 accounts based on their program’s failure rates and Freedom’s current subscriber numbers. The hacker said they have currently identified 2,000 at-risk accounts on Freedom Mobile’s MyAccount page, but do not intend to do anything malicious with the information they have gained.