Aleksey Mokhov discovered that Privat Bank’s Privat24 mobile banking application had a major security loophole when he was testing it for his online taxi ordering service. It allowed the 25-year-old – or anyone with minimal hacking expertise – to move money from the account of one stranger to another of any kind, anywhere in the world.
After demonstrating the app’s security flaws on Sept. 5 to almost a
dozen high-ranking executives, hacking the account of the bank’s board
chairman in the process, they threatened to go to the police, but later
dropped their charges. In the end, PrivatBank offered Mokhov a
“high-paying job” as a low-level programmer making €1,000. He politely
declined.
