Compromised Access of Barclays Dev Portal?

Description

FAO Barclays - as sent in emails - we are worried about unauthorized access to Barclays dev portal accessing our production app by and unknown individual - we have received the following alert.

Unclear who this is - the way that we logon to barclays dev portal is via OpenBanking SSO via 2FA, and this individual is not in our org in OB Directory - is this a Barclays support person?

Please advise.

*********************

From: "bdn-prodlive@barclays.com" <bdn-prodlive@barclays.com>
Date: Thursday, 21 November 2019 at 21:12
To: Craig Goulding <craig@currensea.com>
Subject: DharamvirKumar requested production access to the Barclays_External_Consent_API

Image removed by sender. Barclays Logo

Hello Barclays API Exchange Member,
One of your "Currensea" team members, DharamvirKumar, requested access to the Barclays_External_Consent_API in the Barclays API Exchange production environment.

Barclays API Exchange user requested support on the portal with the following details:
App Name: Currensea
App Version: Currensea
API Name: Barclays_External_Consent_API
API Version: 1.1
API Licenses: None
API Licenses: None
API Policies: None

We'll review this request and get back to you and your team members within 72 hours.

To comment on this request, please visit your Dashboard.

Thanks
Barclays API Exchange (Live)
Note: This is an automated email. Please do not reply to this message.
Online Banking Guarantee | Terms of Use | Privacy Policy
Security
We never send emails that ask for personal or security details. If you receive an email like this claiming to be from Barclays,you should not reply to it or follow any links it contains – just forward it to internetsecurity@barclays.co.uk and then delete it. Links in our emails will only take you to pages containing information about Barclays products,services or partners. If such a page is part of another company's website,that company's terms,conditions and privacy policies will apply.
Confidentiality
This email is confidential,so if you have received it by mistake,or it isn't addressed to you,please delete it. It may also be privileged,which means you do not have to disclose it as part of legal proceedings.

Technical Impact

Concerned about this access.

Workaround

None

Resolution Notes

None

Impact Assessment

Concerned about this access.

Status

Assignee

Unassigned

Reporter

Service Desk

Reference

None

Service Desk Reference

OBSD-12346

ASPSP

Query Type

None

Created (Original)

Nov 22, 2019, 4:11 PM

TPP Impact

None

TPP

Issue Summary

None

OB Environment

None

Business Impact Severity

Level 2

Share

Yes
Configure