Chase Bank told the I-Team that they aren't seeing unusual activity and they are not telling people to immediately change their passwords. But it only takes a few minutes and security experts say it's better to be safe.
The FBI is reportedly investigating an incident where Russian hackers attacked JP Morgan Chase and at least one other bank possibly getting sensitive data like your checking and saving account information.
"I am very concerned I am going to change my password when I get back to my computer," said Briana Dunne, Chase customer.
Dunne, was one of several people by the chase building in the Loop getting money, she isn't taking any risks.
"I have had some fraud attempts. It takes a while to get money back and I don't want to deal with that," said Dunne.
But a Chase spokesperson tells the I-Team that its cards have zero liability protection which means consumers aren't responsible for unauthorized transactions. The bank also says it has "sophisticated fraud monitoring" which can be adjusted when there is an increased threat. Chase says as a general rule you should change passwords often but is not saying if consumers should do it now.
"Consumers should be better safe than sorry and that means go in and change your password and don't make it easy. Don't make it six characters in lowercase, make it six characters with numbers, letters and symbols," said Scott Grossman, Keeper Security.
Scott Grossman is the COO of Keeper Security in the West Loop, a free app to help you manage all of your accounts and your passwords. There are others like it - but some may wonder- what if those apps are attacked?
"We are a zero knowledge security platform and the encryption key lies with the individual user while the encrypted binary lies somewhere else. The hacker would need both to compromise the account," said Grossman.
You should use as many different passwords as you can for each account. Remember, adding caps and symbols can increase the hack time of a password from 6 hours to 18 days.
Reggie Newton says he'll take his chances with most of the same passwords.
"I'll be honest with you I am tired of changing my password, I am running out of numbers, birthdays and anniversaries to remember," said Newton.
That customer says he has text and e mail alerts set up to warn him of any possible fraudulent activity from his bank.
Complicated passwords are the best, but at the very least, make sure it's not "password1." Surprisingly, studies show that is still the most commonly used password.
Tips and more information from Chase to help protect personal information:
- DO alert us if you see any suspicious activity.
- DO log off or lock your workstation whenever you leave your computer.
- DO install anti-virus, anti-spyware and other Internet security software on your personal computer.
- DO change your Passwords often. Be sure to choose Passwords that are hard for others to guess.
- DO be on the looking for phishing, in the form of email messages that ask for personal information or encourage you to open attachments they may contain.
- When in doubt, delete the message without opening it.
- DO use only software from reliable vendors
- DON'T give your Passwords to anyone. And don't record your Passwords in an easy-to-find place.
- DON'T let others use your personal computer.
Also, security is a top priority for us. We have very sophisticated fraud monitoring and we adjust it when we believe we have an increased threat. Please know that all of the Chase cards have Zero Liability Protection. That means consumers are not liable for unauthorized transactions they report to us.