If you’ve got your money tied up with HSBC, better be on your tip-toes: a research team from Cardiff University has discovered a flaw in HSBC’s banking system that exposes three million customers’ accounts to the theft of wily hackers.

The flaw’s been in effect for a couple of years, and the accounts can be broken into within nine attempts. Hackers using keyloggers will be the ones who will be most capable of taking advantage of the security hole, because HSBC’s anti-keylogging system doesn’t work at all. “The only reason it’s a theoretical [flaw] is that they’re fortunate no bad guys have [exposed it] yet.”

HSBC downplays the whole issue, natch:

HSBC downplayed the discovery of the flaw, saying that, “It is an extremely sophisticated attack that would require a particular and time-consuming focus on one individual victim” and therefore criminals wouldn’t be bothered to try it.

Better keep up on your spyware sweeps, people.

HSBC Security Flaw Exploses Millions of Customers’ Data [Consumer Affairs]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.