Users of German smartphone bank N26’s mobile application could have their data exposed and bank accounts hijacked, researchers found. N26 is a direct bank where users can create and manage bank accounts using only smartphones, without visiting local physical branches.
Close to 33,000 N26 account credentials, obtained from a Dropbox data breach, were publicly released. If hackers obtain the credentials, they can use them to send phishing emails and steal information for hacking user accounts. N26 has since stepped up security of customer accounts after being alerted to the vulnerabilities.