Ally suddently asking to input new password
Ally suddently asking to input new password
I tried to log in to Ally this morning and after the usual login/password it stopped and asked me to enter a new password and confirm. Same thing happened on my phone app. I didn't get an email from them, wondering if this is some malicious attempt to take over my account. Anyone else seeing this?
Bogleheads Wiki: https://www.bogleheads.org/wiki/Main_Page
- sapphire96
- Posts: 193
- Joined: Fri Jun 16, 2017 8:08 pm
Re: Ally suddently asking to input new password
I had to insert in a new password as well, but strangely it took my old password.
Keep interest as your friend, not your foe. |
Use money as a tool for bettering your life, not squandering it. |
Stay the course, don’t deviate from it.
Re: Ally suddently asking to input new password
I no longer have any assets with Ally, but my account is still open.
I logged in just now and no problems.
I logged in just now and no problems.
-
- Posts: 16054
- Joined: Fri Nov 06, 2020 12:41 pm
Re: Ally suddently asking to input new password
I saw this about a week ago and changed my password accordingly. No email from them.
There's no malicious attempt from them, but it's possible they got hacked and secretly asking those who were impacted.
There's no malicious attempt from them, but it's possible they got hacked and secretly asking those who were impacted.
Re: Ally suddently asking to input new password
Reviving this old thread. I just got a letter in the mail from Ally saying that our usernames and passwords were exposed to 3rd parties due to a "programming code error." I bet this is why they are forcing everyone to change their password.
A big question in my mind is: Were are passwords actually exposed in clear-text to the 3rd parties? Or just the hashes? Did they get any other information? I've noticed a big up-tick in spam to my primary email account recently -- maybe that's related, maybe not. Also, it would be nice if Ally were to actually list what the names of the 3rd parties are?
A big question in my mind is: Were are passwords actually exposed in clear-text to the 3rd parties? Or just the hashes? Did they get any other information? I've noticed a big up-tick in spam to my primary email account recently -- maybe that's related, maybe not. Also, it would be nice if Ally were to actually list what the names of the 3rd parties are?
Re: Ally suddently asking to input new password
Thanks... no letter but just updated anyway from an abundance of caution. They probably don't know who the third parties could be but dates of exposure or breach might be included as well.rantk81 wrote: ↑Sun Jun 20, 2021 6:48 am Reviving this old thread. I just got a letter in the mail from Ally saying that our usernames and passwords were exposed to 3rd parties due to a "programming code error." I bet this is why they are forcing everyone to change their password.
A big question in my mind is: Were are passwords actually exposed in clear-text to the 3rd parties? Or just the hashes? Did they get any other information? I've noticed a big up-tick in spam to my primary email account recently -- maybe that's related, maybe not. Also, it would be nice if Ally were to actually list what the names of the 3rd parties are?
Re: Ally suddently asking to input new password
Yeah, I should have noted it in my first reply -- but the date of the occurrence was mentioned as April 12, 2021 in the letter they sent me.
I changed both my username and password (again) this morning, just to be safe.
I changed both my username and password (again) this morning, just to be safe.
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Ally suddently asking to input new password
Weird, I got no letter and I was able to login on my phone with no prompt to change my password, maybe I should change mine now...Marseille07 wrote: ↑Sat Apr 17, 2021 11:10 am I saw this about a week ago and changed my password accordingly. No email from them.
There's no malicious attempt from them, but it's possible they got hacked and secretly asking those who were impacted.
-
- Posts: 16054
- Joined: Fri Nov 06, 2020 12:41 pm
Re: Ally suddently asking to input new password
This was a couple of months ago. I was speculating then since only few users got prompted to change their password.anon_investor wrote: ↑Sun Jun 20, 2021 11:39 amWeird, I got no letter and I was able to login on my phone with no prompt to change my password, maybe I should change mine now...Marseille07 wrote: ↑Sat Apr 17, 2021 11:10 am I saw this about a week ago and changed my password accordingly. No email from them.
There's no malicious attempt from them, but it's possible they got hacked and secretly asking those who were impacted.
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Ally suddently asking to input new password
Only saw this now, I just changed my PW now, just in case.Marseille07 wrote: ↑Sun Jun 20, 2021 11:49 amThis was a couple of months ago. I was speculating then since only few users got prompted to change their password.anon_investor wrote: ↑Sun Jun 20, 2021 11:39 amWeird, I got no letter and I was able to login on my phone with no prompt to change my password, maybe I should change mine now...Marseille07 wrote: ↑Sat Apr 17, 2021 11:10 am I saw this about a week ago and changed my password accordingly. No email from them.
There's no malicious attempt from them, but it's possible they got hacked and secretly asking those who were impacted.
-
- Posts: 16054
- Joined: Fri Nov 06, 2020 12:41 pm
Re: Ally suddently asking to input new password
Marcus Savings is known to be extremely secureanon_investor wrote: ↑Sun Jun 20, 2021 11:50 amOnly saw this now, I just changed my PW now, just in case.Marseille07 wrote: ↑Sun Jun 20, 2021 11:49 amThis was a couple of months ago. I was speculating then since only few users got prompted to change their password.anon_investor wrote: ↑Sun Jun 20, 2021 11:39 amWeird, I got no letter and I was able to login on my phone with no prompt to change my password, maybe I should change mine now...Marseille07 wrote: ↑Sat Apr 17, 2021 11:10 am I saw this about a week ago and changed my password accordingly. No email from them.
There's no malicious attempt from them, but it's possible they got hacked and secretly asking those who were impacted.
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Ally suddently asking to input new password
But they don't have 24/7 phone support, so if s*!t hits the fan, you are SOL if it is outside business hours!Marseille07 wrote: ↑Sun Jun 20, 2021 11:51 amMarcus Savings is known to be extremely secureanon_investor wrote: ↑Sun Jun 20, 2021 11:50 amOnly saw this now, I just changed my PW now, just in case.Marseille07 wrote: ↑Sun Jun 20, 2021 11:49 amThis was a couple of months ago. I was speculating then since only few users got prompted to change their password.anon_investor wrote: ↑Sun Jun 20, 2021 11:39 amWeird, I got no letter and I was able to login on my phone with no prompt to change my password, maybe I should change mine now...Marseille07 wrote: ↑Sat Apr 17, 2021 11:10 am I saw this about a week ago and changed my password accordingly. No email from them.
There's no malicious attempt from them, but it's possible they got hacked and secretly asking those who were impacted.
A good example of why you shouldn't reuse passwords.
-
- Posts: 16054
- Joined: Fri Nov 06, 2020 12:41 pm
Re: Ally suddently asking to input new password
I never reuse passwords, which is why it was surprising to see the new password prompt 2 months ago.anon_investor wrote: ↑Sun Jun 20, 2021 12:00 pm But they don't have 24/7 phone support, so if s*!t hits the fan, you are SOL if it is outside business hours!
A good example of why you shouldn't reuse passwords.
Always use a password generator and store in a password manager.
Re: Ally suddently asking to input new password
I received the letter on Friday.
It was a coding error that outputted the personal information in a report to a third party in a data exchange file. Any technology provider could have made this error unfortunately.
It was a coding error that outputted the personal information in a report to a third party in a data exchange file. Any technology provider could have made this error unfortunately.
Re: Ally suddently asking to input new password
Nope, it's not possible to leak plaintext passwords like this if the technology provider is following best practice.
Passwords should never UNDER ANY CIRCUMSTANCES be stored in plaintext in a system... they should be hashed before storage using one of the CPU-intensive hashing algorithms appropriate for this use case. This is application design 101 level stuff.
Amateur-level mistake. It's extremely alarming that a bank as large as Ally would design an application this way, it makes me wonder what other lazy shortcuts they made in their systems. If I had an account there I'd be moving everything elsewhere ASAP.
Re: Ally suddently asking to input new password
Yes, I know. I build web apps with u/p storage. I don't trust any of these systems, which is why I use unique passwords.Fogbank wrote: ↑Tue Jun 29, 2021 6:10 amNope, it's not possible to leak plaintext passwords like this if the technology provider is following best practice.
Passwords should never UNDER ANY CIRCUMSTANCES be stored in plaintext in a system... they should be hashed before storage using one of the CPU-intensive hashing algorithms appropriate for this use case. This is application design 101 level stuff.
Amateur-level mistake. It's extremely alarming that a bank as large as Ally would design an application this way, it makes me wonder what other lazy shortcuts they made in their systems. If I had an account there I'd be moving everything elsewhere ASAP.
I'm just regurgitating the letter I received in the mail.