Confirmed for my santander account. I have not got a credit card, but the NewUni... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		advisedwang on Oct 15, 2012 \| parent \| context \| favorite \| on: Is it OK to hold credit card numbers in cookies, S... Confirmed for my santander account. I have not got a credit card, but the NewUniversalCookie cookie does contain my passcode (in all caps, just discovered it is case insensative!). The data is not just one base64 chunk, but multiple space separated chunks that base64 -d chokes on after a bit. I am probably missing a step.

ed209 on Oct 15, 2012 [–]

wowzer. I just checked for my business account with santander and found my password as you mention.

Edit: although when you get logged out for inactivity or you click log out it seems to get rid of this cookie.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact