Here’s a sobering computer security story. So I signed up up for wikinvest.org about two days ago, but didn’t immediately receive a confirmation email. Then this afternoon I did… along with a second message saying my brokerage account had been added. That’s odd, I though; I didn’t link my brokerage account. I opened the email, which said in part:
You’ve successfully added the following accounts to your Wikinvest portfolio :
Account: Morgan Stanley Smith Barney Acct ***688A
Account: Morgan Stanley Smith Barney Acct ***687A
Account: Morgan Stanley Smith Barney Acct ***673A
What? I don’t even have brokerage accounts with Morgan Stanley. But when I logged in, the accounts were there:
Pretty wacky, right? Whoever’s account this is has $582,822 in the market, mostly in ETFs. (They’re down $8,000 on the day, at least as of this writing). And no, I can’t access this account or withdraw from it or anything like that, even if I wanted to. Or see who really owns it. But still seems like a pretty stunning bug by Wikinvest… [or maybe not; see below]
UPDATE 1/20/2011: Okay, I just chatted with one of the head honchos at Wikinvest. What actually apparently happened is a bit of a bizarre coincidence. Someone with a very similar email address to mine I guess signed up for the service around the same time I tried to, apparently giving them my email address rather than his. That explains why I didn’t get a confirmation email until a few days later… when he tried to get in and reset his account. Whooops. I know it sounds far-fetched but I believe it — the account username I received was a letter off the one I usually use. I had thought it was a typo on my part, but apparently not.