Home Economy and Finance SBI data breach: Bank forgets to password secure its server, ends up compromising customer details

SBI data breach: Bank forgets to password secure its server, ends up compromising customer details

According to findings, this unsecured bank server was part of SBI Quick.

What can be called serious negligence on the part of India’s largest bank, the State Bank of India (SBI) forgot to secure its server hosting sensitive information in one of its Mumbai installations, allowing anyone to access financial information like bank balances and recent transactions of millions of its customers?

It is being anticipated that due to this blunder, information related to bank balance, bank account number and other key bits were leaked.

According to a report published by Techcrunch, a tip-off from an anonymous security researcher highlighted that “the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information”.

- Advertisement - - article resumes -

Though there is no surety as to how long this lapse persisted, it was rectified soon after Techcrunch approached the bank and informed about the glitch.

None of the SBI officials commented on this matter.

According to findings, this unsecured bank server was part of SBI Quick. This facility allows the bank customers to send a message or make a call to carry out basic banking functions.

According to the information provided on the bank’s website, the ‘SBI Quick – MISSED CALL BANKING is a free service from the Bank wherein you can get your Account Balance, Mini Statement and more just by giving a Missed Call or sending an SMS with pre-defined keywords to pre-defined mobile numbers from your registered mobile number.’

Meanwhile, what makes it more concerning is that because this particular app connects the customer’s phone number to his/her account, the data leaked from the bank’s server can be used by identity thieves or scammers to swindle money from bank’s accounts.

The report issued by Techcrunch noted that after gaining entry to the unsecured SBI server, the Techcrunch team was able to see “text messages going to customers in real-time, including their phone numbers, bank balances, and recent transactions The bank sent out close to three million text messages on Monday alone.” The server also allowed access to the archive of messages till December 2018, that were supposedly sent to SBI users.

Its database also contained the customer’s partial bank account number, confirmed Techcrunch.

The India-based security researcher, Karan Saini asserted that “the data could be potentially used to profile and target individuals that are known to have high account balances”.

Saini also confirmed that knowing a phone number “could be used to aid social engineering attacks- which is one of the most common attack vectors in the country with regard to financial fraud,” he said.

Recently, State Bank of India (SBI) had alleged misuse of Aadhaar data. Logins and biometrics of their Aadhaar operators have been misused to generate unauthorised Aadhaar cards, bank officials informed UIDAI.

However, the Unique Identification Authority of India (UIDAI), the authority that established the database, had rubbished SBI’s claims.

SBI has more than 500 million customers across the world, with 740 million accounts.

Help Opindia Reach Every Indian. Share This Post
We need your support to survive in the media industry. Please consider paying us for the content we produce:

To know more about these payments, please click here.


Advertisement

Big Story

The reportage of Aaj Tak journalist Anjana Om Kashyap and TV Bharatvarsh journalist Ajit Anjum raised concerns of how bullish and high-handed the media was being with unsuspecting doctors who were only doing their job.

2019 World Cup Is Here!

Catch the latest on Cricket World Cup as it unfolds, special coverage by Opindia

Uttar Pradesh: IPS Ajay Pal Sharma shoots Nazil, accused of abducting, raping and killing a 6-year-old girl

Disturbingly, such incidents of sexual abuse against children have become rampant in India

Tausif Imran Khan repeatedly raped class X girl in Vadodara, took her to religious places to brainwash and convert her

19-year-old Tausif Imran Khan, a class XII student who lived in Manjalpur, has been booked under the Protection of Children from Sexual Offences (POCSO) Act for sexually exploiting a minor.

When you don’t understand cricket, don’t tweet, else you’d sound like this journalist from The Print

Jyoti Malhotra, a journalist at the Print, which often peddles fake news, wore the hat of a cricketing expert during the India-Afghanistan World Cup match on Saturday.

Rahul Gandhi planning a nation-wide stir over ‘EVM hacking’, may boycott assembly polls: Report

Rahul Gandhi, the current President of the Congress party is planning to launch a non-cooperation movement against the PM Modi led Central government. 
Evangelists going jobless

Evangelists left jobless after Modi government’s crackdown on foreign funds, Pentecostals in Kerala severely affected

Pastors are unable to repay their loans as they stopped receiving their monthly salary for their gospel work

Sidhu’s rant comes back to haunt: Posters in Ludhiana ask him to keep his promise of quitting politics if Rahul Gandhi loses Amethi

In one of the biggest overturns in this Lok Sabha elections, Rahul Gandhi had lost from his home turf to BJP' Smriti Irani by 55,120 votes

West Bengal violence: 3 BJP workers, including a 14 year old boy shot for chanting Jai Shree Ram, BJP slams Mamata

The political violence in the state of West Bengal continues unchecked as according to BJP, 3 workers have been shot by the police in Panchasayar in Bankura district for chanting Jai Shree Ram.

No Prakash Javadekar, ‘Jai Shree Ram’ is not an ‘Indian cheer’, it’s a manifestation of the Hindu faith. Don’t cheapen it

Unless the remainder of the interview to Times Now which is yet to be released gives a different picture of Javadekarr's answer, he came off as a defensive, confused man who couldn't stand by his or his party's faith.
Journalist J Gopikrishnan had complained against Mr and Mrs Chidambaram using their 'Sr Advocate' title while facing trial for financial irregularities and scams

SC transfers complaint by journalist against Chidambaram using ‘Sr Advocate’ title to Bar Council

Gopikrishnan today took to Twitter to inform that he has got a message from the Supreme Court stating that his written complaint has been transferred to the concerned Bar Council for 'action deemed fit'.
Subscribe to Day's Top Stories
- Advertisment -

Latest articles

Connect with us

171,668FansLike
150,782FollowersFollow
70,182SubscribersSubscribe
Help Opindia Reach Every Indian. Share This Post