Hacker used social media to steal from neighbours' accounts

But what can banks and their customers do to protect themselves?

A hacker used social networking sites Facebook and Friends Reunited to crack passwords used by his neighbours for online banking services, and stole £35,000 over two years.

According to a report in the Telegraph, the hacker, Iain Wood, logged into the bank accounts of other tenants at his block of flats, and tried to reset their passwords.

As with most online services, these banking portals prompt the user to answer a security question that often involves giving personal information such as the user's mother's maiden name, date of birth or name of their first school.

Many people make these details public via social networking, which Wood used to gain access to his neighbours' online bank accounts.

Some banks, including the Co-operative Bank's Smile, issue customers with secure tokens to enable two-factor authentication, so a randomly generated number is required along with personal details before cash transfers can be made.

However, Woods changed the home addresses associated with the accounts he targeted, and requested that new cards were sent to him, which he then used to withdraw cash. Changing address is rarely protected by two-factor authentication.

Graham Cluley, senior technology consultant at security firm Sophos, said that banks should change their policies so that all online services, including an address change, are protected by two-factor authentication.

"When I log into my work email externally I have to use my authentication fob right from the outset. Why don't banks say right at the beginning when you log in you should use two factor authentication, not just when you're transferring money?"

He also said that if people must give out their personal details via social media, they shouldn't use the same information to secure essential online services such as banking.

Or alternatively, they should provide false information via social media.

"Under Facebook's terms and conditions they say you have to tell the truth," explained Cluley. "I choose not to trust them to look after my personal data, so I use fictitious information, which means they could throw me off the site if they wanted to.

"Unfortunately most people are too open with social media sites, meaning identity thieves and scammers can scoop up that data and use it for their own purposes."