SBI data breach: Bank forgets to password secure its server, ends up compromising customer details

According to findings, this unsecured bank server was part of SBI Quick.

What can be called serious negligence on the part of India’s largest bank, the State Bank of India (SBI) forgot to secure its server hosting sensitive information in one of its Mumbai installations, allowing anyone to access financial information like bank balances and recent transactions of millions of its customers?

It is being anticipated that due to this blunder, information related to bank balance, bank account number and other key bits were leaked.

According to a report published by Techcrunch, a tip-off from an anonymous security researcher highlighted that “the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information”.

- Advertisement - - Article resumes -

Though there is no surety as to how long this lapse persisted, it was rectified soon after Techcrunch approached the bank and informed about the glitch.

None of the SBI officials commented on this matter.

According to findings, this unsecured bank server was part of SBI Quick. This facility allows the bank customers to send a message or make a call to carry out basic banking functions.

According to the information provided on the bank’s website, the ‘SBI Quick – MISSED CALL BANKING is a free service from the Bank wherein you can get your Account Balance, Mini Statement and more just by giving a Missed Call or sending an SMS with pre-defined keywords to pre-defined mobile numbers from your registered mobile number.’

Meanwhile, what makes it more concerning is that because this particular app connects the customer’s phone number to his/her account, the data leaked from the bank’s server can be used by identity thieves or scammers to swindle money from bank’s accounts.

The report issued by Techcrunch noted that after gaining entry to the unsecured SBI server, the Techcrunch team was able to see “text messages going to customers in real-time, including their phone numbers, bank balances, and recent transactions The bank sent out close to three million text messages on Monday alone.” The server also allowed access to the archive of messages till December 2018, that were supposedly sent to SBI users.

Its database also contained the customer’s partial bank account number, confirmed Techcrunch.

The India-based security researcher, Karan Saini asserted that “the data could be potentially used to profile and target individuals that are known to have high account balances”.

Saini also confirmed that knowing a phone number “could be used to aid social engineering attacks- which is one of the most common attack vectors in the country with regard to financial fraud,” he said.

Recently, State Bank of India (SBI) had alleged misuse of Aadhaar data. Logins and biometrics of their Aadhaar operators have been misused to generate unauthorised Aadhaar cards, bank officials informed UIDAI.

However, the Unique Identification Authority of India (UIDAI), the authority that established the database, had rubbished SBI’s claims.

SBI has more than 500 million customers across the world, with 740 million accounts.

Share This Post and Support:
We need your support to survive in the media industry. Please consider paying us for the content we produce:

To know more about these payments, please click here.

Most read articles recently

Pakistan quotes The Quint, Karan Thapar and Praveen Swami to brand Kulbhushan Jadhav as a ‘RAW spy’ at ICJ

Pakistan quoted several articles published in Indian to present its case during Kulbhushan Jadhav hearing at the International Court of Justice
How Ravish Kumar and Vinod Dua misled people about ‘martyr status’ to CRPF jawans after Pulwama attack

How Ravish Kumar and Vinod Dua misled people about ‘martyr status’ to CRPF jawans

Ravish Kumar of NDTV is a man known for many lows. But this may well be his lowest point.
Image Source: The Week

Mandya: Actor-turned-politician Prakash Raj attends funeral of Pulwama martyr, villagers expose his hypocrisy towards Armed Forces

Prakash Raj, a left wing ideologue, who is often known for joining hands with the left-liberals to express their hate towards Hindus and the BJP, has plans to contest in the upcoming elections from Bengaluru Central Lok Sabha constituency.

The Hindu not only cropped the Rafale dissent note, but also had digitally manipulated it

Comparison of Hindu document with ANI document shows that Hindu had doctored the Rafale dissent note

Kavita Krishnan uses 4 year old photograph to claim PM Narendra Modi was laughing after Pulwama attack

Using a old photo, Kavita Krishna claimed the Modi was having fun at election rallies after Pulwama attack

Imran Khan’s deranged statement on Pulwama terror attack tailor-made to appeal to Indian ‘liberal’ sensibilities

In his statement on the Pulwama terror attack, Imran Khan claimed that his country had nothing to gain from attacking India. Apart from that, he threatened India with retaliation should the Indian Army decide to attack Pakistan.

Pakistan minister says ‘bells won’t toll in temples’, he forgets, India is the land of Chhatrapati Shivaji Maharaj

Sheikh Rashid Ahmad, Federal Minister for Pakistani Railways, commented that should anyone look at Pakistan in a negative manner, then "the eyes will be ripped out, the grass will not grow, the birds will not chirp and the bells won't toll in Temples."
Image Source: Swarajya

Ten things India must do to stop being a soft state

India is overly defensive. Despite its massive economic and military power, it does not respond to grave provocations (26/11, for example). It does not retaliate when attacked. It tolerates countless attacks on its citizens and affronts to its prestige.
Article 370

Article 370 must go: BJP can’t pussyfoot any longer

So what is this Article 370 which allows J&K to function much against the national (or for that matter, it’s own) interests?
Major Vibhuti Dhoundiyal was martyred with 3 other soldiers in Pulwama during an encounter

A teary adieu to Major Vibhuti Dhoundiyal: Married only last year, he made the ultimate sacrifice so we can live

Major Dhoundiyal along with three soldiers was killed in an encounter with terrorists in Pulwama district.

Latest articles

Connect with us


Don't miss these