Guys, better check your CIMB itrade accounts.

I know someone who logged on to his CIMB itrade account today, and was instead logged in to someone else's account. The username displayed was correct, but the owner name and the CDS/trading account numbers were all different. Even the watchlist, portfolio etc were not his but instead someone else's.

wtf is going on with CIMB? This is a huge security issue, as someone could accidentally login to my account and sell everything or buy up stocks using the cash in the trading account.

Didnt take printscreen, but he got the CDS #, trading account # and name of the person whose account was accidentally logged in to.

Weird thing was, at the top of the screen, the username showed correctly, but the account is totally different. Called up remisier, then got a callback from some guy form N2N, but seems like they can't figure out the issue. Logged out and in again, everything went back to normal

Demanded letter from cimb / N2N explaining what's going on. Looks like it's some stupid random problem that happens extremely rarely, but this sort of thing shouldn't happen at all.

Don't think this is a widespread problem la.. first time seeing it. But if this can happen even once in a million logins, it can happen again, and who knows what might happen the next time.


Jinxxx:
I'm not sure if CIMB itrade requests for the password before each purchase because I use HLebroking. If they have, then the problem isnt that big because people who accidentally login into other accounts wont be able to make transactions or change the password without the other person's password. But still, there's a ton of private information that's available ie stocks and value of portfolio, address, username, cds/trading account information, payment history etc..