Potential Chase security breach: Don’t log in?

Late last night / early this morning, Fly & Dine and Doctor of Credit as well as many people on Twitter have reported what could be a major security breach at Chase: people report logging into their Chase accounts only to be taken to a stranger’s account, where they can view all of the sensitive info stored within one’s bank login — credit card history, address, phone number, etc. At this point, Chase has not released any information, but Doctor of Credit suggests that logging in right now might be a trigger.

Dodging 5/24

Right now, we know little beyond what is being reported by individual people (see the Doctor of Credit post linked above for many Twitter screen shots of reports), but I personally intend to check on my accounts by calling the number on the back of my cards and checking balances through the automated system rather than logging in through the website or app in the short term. Hopefully, there will be more information to come.

About Nick Reyes

Nick Reyes is a (fairly) regular guy with an animalistic passion for maximizing the value of miles and money to travel the world in comfort and style. There is little in life that he loves more than finding a fantastic deal and helping you shop smarter & harder to achieve your travel dreams.

More articles by Nick Reyes »

Leave a Reply

13 Comments on "Potential Chase security breach: Don’t log in?"

Notify of

I logged in a couple of time this morning, without incident. Fingers are crossed now


I logged in 3:30 MST yesterday and saw nothing unusual.


What about account aggregator services like Mint and Personal Capital?


On Bloomberg, at 10:15 JP Morgan Chase sent out a couple headlines which claim a glitch gave customers access to others’ accounts on an ‘extremely limited’ basis and it was resolved within hours.

Take that with a grain of salt.


I logged into Greg’s account, and did a quick ACH transfer to my own account; not sure what all the fuss is about!




I logged in earlier this morning to my 3 Chase logins, nothing odd at all.


I logged in yesterday around 5:30pm Arizona time to pay my credit card. I do not have a checking or savings account with Chase. I was suddenly in someone elses checking account with full access. I called Chase and they told me that they knew of the problem – WHY DIDNT THEY SHUT DOWN THEIR WEB ACCESS IF THEY KNEW???


I’m concerned that the app lets you redeem UR points. Anybody having any problems with that?

Lord Bluto

I had 229,000 points drained after the breach and three luxury hotel reservations paid for with points (one in Malaysia and another in Indonesia). Chase caught it and reimbursed the points. Now I know how this happened.

Geoffrey Stuart

They’re taking a page out of IHG’s playbook: I lost 120K points earlier this year. 4-digit PIN is ridiculous. But I digress…


[…] morning, we posted about a possible security breach at Chase bank (See: Potential Chase security breach: Don’t log in?). Chase has since confirmed the breach. According to their news release to Bloomberg, the breach […]


Last week someone changed my Chase username and login then used about 350K points to buy 2 separate tickets to Malaysia and 2 hotel reservations, all for 4 different people. Coincidence that it involved Malaysia as noted by Bluto? It was all straightened out and I got all my miles back. I’m keeping a close eye on my charges though. I thought it was interesting that Chase didn’t think it was necessary to change my account numbers.