The defect in HSBC’s online banking system means that 3m customers registered to use the service have been vulnerable to attack for at least 2 years.

The discovery was made by a group of researchers at Cardiff University, who found that anyone exploiting the flaw was guaranteed to be able to break into any account within nine attempts.

Yesterday, after being alerted, HSBC said: “We are always seeking to upgrade our online security and we will examine the issues raised here very closely.”