GoCardless Security Notification #8865
Replies: 2 comments
-
From what I am guessing, firefly might? use these endpoints, but as far as the UUID's go, these are very hard to obtain/guess. They're random 25 character combinations (if I'm not mistaken) and this is only a formality as they're required to alert you of any potential breaches. tl;dr, unless they had the uuid. They coudn't lookup this data. |
Beta Was this translation helpful? Give feedback.
-
Thanks for letting me know, Codixer. I will check out the source to see if the data importer uses those endpoints. I believe so, but I can't be certain. Either way: if the data importer downloaded somebody else's data I believe it would still fail the import, because it would not be able to match account numbers. Perhaps some residual information from other Nordigen accounts would be in your logs. Those would expire in 5 days. |
Beta Was this translation helpful? Give feedback.
-
Today I received the below email from GoCardless. I run the Firefly III Importer every hour, which connects to my banks via GoCardless. Does Firefly III use the endpoints called out below during this scenario? If not, does it use those endpoints at any other time?
Beta Was this translation helpful? Give feedback.
All reactions