Online banking hacker alarm

Norwegian scare follows hot on the heels of security breaches at Egg.

In the latest security scare to hit online banking, four Norwegian banks left the details of one million customers exposed on their internet sites.

The flaw, which had existed for two months, was only discovered by one of the banks when a 17-year-old boy informed a Norwegian newspaper of how it worked.

Services at Sparebanken NOR, Parat 24, Sparebanken More and Sparebanken Sogn og Fjordane were affected.

A spokeswoman for Sparebanken NOR said as soon as the breach was discovered, it shut down the service and modified its security. "There was one window that was open to those who hacked long enough. That window was closed yesterday, and we are happy about that," she said.

The bank said that there was never any possibility of customers being able to steal money from the accounts, and a hacker would need the customer's account numbers and a good grasp of technology to exploit the flaw.

To exploit the hole, a user would have to be a member of the bank's online service, and log in with their password. At this stage, the address bar containing the URL is hidden but users can bring it back at the top of the browser by choosing Address Bar from the View menu. Users can then replace their account number with someone else's and see that person's details.

Although hackers couldn't use the flaw to steal money from the account, they could see transactions coming in and out of the account. The flaw affected single-user accounts as well as business accounts.

This latest security breach follows problems at Powergen, Egg and Barclays, which have dented the confidence of consumers in the UK.