A SECURITY loophole at internet bank Cahoot allowed customers to access other people's accounts for 10 days without a password.
The blunder, affecting around 650,000 accounts, led to red faces at the bank's owner Abbey.
It came a few days after the bank relaunched the website in the hope of attracting new customers.
The site was closed for 10 hours for repairs amid fears money could be stolen.
But bosses insisted that while account information could be viewed, no money could be transferred.
Tim Sawyer, head of Cahoot, said: "We need to look closely at our processes because this has not been our greatest moment. However, there was no risk of financial loss."
He said the security breach had been caused during a system upgrade 12 days ago and the bank would now be reviewing its internal testing arrangements.
Rob Hamadi, a security expert from the British Internet Publishers Alliance, said: "A bank really has to get its security right otherwise it is an open invitation to steal money."
The warning comes as the number of internet bank customers in the UK has grown to 12million.